Quality Matters is an independent Management Consultancy based in Maldon, Essex. Here we discuss the latest in Quality and Information Security News.
Phishing and Computer Security
I am sure everyone has received an email advising them that their bank has introduced some new security method which requires them to enter passwords and other security details into a web page or face discontinuation of a service.
This is called PHISHING and is usually carried out by criminals to persuade innocent victims to give away information that they may use to gain access to bank accounts, credit card accounts or other financial accounts.
It usually starts with an email:
'The xyz bank has recently upgraded its security systems to make your account more secure and to protect your account from unauthorised access. To ensure that these new security measures are applied to your account you must change your password. Click on the link www.any1bank.co.uk.'
If you click on the link you are taken to a web-site which looks remarkably like the web-site for your bank. Cheekily, it may even carry a warning that you should take care to make sure any information you provide is secure. You are invited to enter your security details. By doing this you have provided the phisher with the information needed to steal your money.
No bank or other financial institution would ever ask you to enter these details on an email.
If in any doubt carry out the following:
Never put passwords into an email (email is not secure)
If asked to click on a link, hover your mouse over the link and see if the link is the same as the hover information
If possible, type in the web address you already hold for your bank
On a bank website look for the closed padlock symbol which shows that the site is secure
If it looks at all suspicious don't do anything with it
Forward the email to your bank for them to deal with it
Telephone your bank and ask if the email is genuine
If you have been fooled and do enter information into a phishing web-site, contact your bank immediately and tell them what you have done. This may mean that your account is frozen while action is taken. You will have to change passwords of course.
Phishing is the number one method at the moment for fund generation by criminals.
The flooding in July has shown that companies with proper business continuity plans have done well with little or no interruption in services. Those companies with no business continuity plans in place have fared less well. Some of these have been caught napping: their systems went down with uncertainty about resumption dates, and doubts about insurance cover may mean that some companies cease to trade.
A basic Business Continuity Plan looks at possible threats to the company and what action would be appropriate in these circumstances. Moreover, the actions are tested before disaster strikes and any corrective actions are incorporated.
Plans that are put in place but are untested often fall at the first fence; an example of this is the company that has an uninterruptible power supply in place to deal with mains power loss, but takes no account of an interruption lasting an hour or more when the UPS power is exhausted.
Most of the planning is just common sense, but tell that to those companies facing ruin.