Violations such as Sony's PlayStation Network hack to bear spear phishing attacks, which target individuals and more dangerous than ordinary varieties. It is not clear how much personal data perpetrators hack the Sony PlayStation Network is obtained, but clearly much worse that the data breach earlier this month Epsilon. The Epsilon exposed to violations of just names and email addresses, information that is fairly easy to obtain. PSN exposed to violations of the full name, password, email address, home address, and purchase history. This may have been exposed credit card numbers too, although Sony reports that credit card data was encrypted.
If you have not seen the costs outlined on your bill yet, maybe they do not get your credit card number. However, the wealth of other personal data exposed to allow criminals to create phishing messages are far more convincing. Types of attacks have been aimed dubbed "spear phishing." They will get a credit card yet, if you're not careful.
Eternal Vigilance
Vigilance is key to staying safe from spear phishing attacks. Do not let any personal information in a quiet close your messages into a false sense of security. Here are some examples:
Just because a message containing your home address does not mean it is valid. In fact, a legitimate letter from a bank or vendors generally do not have to include this information, unless the notification delivery to that address. You may be surprised how easy it is to get anyone's home address using a tool such as ZabaSearch or Spokeo
The presence of your home phone number in the message means nothing. In addition to those lookup website, there's always the phone book.
Only the vendor knows the password of your website, right? So the message contains a password and a warning to change it must be valid? Wrong! A legitimate vendor will never send your password in an email.
An email message that contains a social security number (or last four digits) should be examined carefully. This information is not too difficult to obtain, and once again a legitimate sender will not expose it in an email.
Fundamental Things Apply
The point is, you do not have to automatically trust the message email. These rules apply even if the fundamentals of email messages that look legitimate because they already have some of your personal information.
Here they are:
Do not click on links in e-mails claiming to be from your bank. If the message warned of the problem accounts that require your attention, run your browser and go directly to the bank site.
If you are at all suspicious links in e-mail message, mouse over the link. Most of the e-mail client will reveal the URL destination. A URL link that does not fit with other objectives link is a red flag.
Note the URL in the Address bar browser. Many phishing sites do not even try to use a trusted URL. Others use a misleading version of the URL is correct, perhaps paypla.com or ebay.something.com. If the URL looks wrong, leaving the site and enter the real URL by hand.
Do not submit your data. Yes, you can save time on multiple vendor Web sites to register with your credit card and other personal details. But it puts your data at the mercy of hackers who breach security vendors.
Go for green! modern browser address bar green when they have been validated a site EV (Extended Validation) certificates of safety. A green address bar means that the site is legitimate.
Use a password management tool such as LastPass 1.72 Premium to store your login. The utility will automatically fill in your credentials at the correct Web site but not on a counterfeit copy.
Install a security suite that includes an effective phishing protection. Norton Internet Security 2011 and BitDefender Total Security 2011 is the best in phishing detection.
Data breach gives the bad guys ammo to phishing attacks. Phishing attacks, in turn, can lead to violations of the new data. It is a vicious circle that will only stop when we all started paying attention.
How to Avoid Phishing Attacks
0 nhận xét:
Đăng nhận xét