Tuesday 6 October 2009

Phish and Chips?

Do you use Windows Live/MSN/Hotmail/Windows Passport? What about Google, AOL and Yahoo services? If so, you may do well to change your password. A large list of user accounts is believed to have been ‘phished’ from Internet users across the globe. The attack was originally thought to be centered on the Windows Live services, but it now appears to be spread across many of the top companies.

Now, phishing is quite a common occurrence in IT security, but this incident certainly serves as a reminder that you should follow a few simple rules on the Internet and in email.

  • Always use different, complex passwords on each service you register for.
  • Change those passwords on a regular basis.
  • Never respond to requests for information, either via email or pop-up messages.  If you receive an email from a company that you do business with, go to their website directly – NEVER EVER EVER click on a link provided by email.
  • Engage brain before operating hand or mouth – Stop, take a deep breath and think about what you’re being asked for.  Don’t give it out and if you feel like you have to, why not give false information instead?
  • Check your statements/accounts regularly for any irregularities, and if you spot anything, contact the company IMMEDIATELY.
  • Many companies have a "contact us" area to which you can report phishy emails. They will be able to investigate on your behalf and notify the relevant authorities. Again, visit their website by entering the address manually in the browser rather than clicking a link.

If you have difficulty remembering your passwords or building complex passwords to use, why not investigate the KeePass utility? This is a secure password vault in which you can store a database of usernames, sites and passwords in a safe, encrypted manner. I’ve started using it on my home computer and also on my mobile phone whilst at work (with synchronised databases), and it allows me to keep a record of all of the websites I’ve registered for and the secure password associated with each. That way, all I have to do is remember one secure password to unlock the vault rather than 50-100 or use the same password across multiple services. You should just remember to back it up regularly to ensure that you don’t lose all your passwords in one fell swoop!

The BBC have an article on the attack HERE.
