• Look For More “Gone Phishing” Signs in 2010

    Posted on January 5th, 2010 | Uncategorized

    Hello and welcome to the first NetPass Blog post for 2010.  We hope you all had a safe and enjoyable holiday.  To ensure you stay safer online in the new year, we’re gearing this post towards one of the biggest security threats online, phishing, and how you can protect yourself and your business.

    Often, phishing involves e-mail whose source is disguised as an established, legitimate enterprise, sent to users in an attempt to scam them into providing personal information that may be collected and used for identity theft purposes.  In many cases, phishing scams direct users to click links within these e-mails to websites that have also been disguised to appear legitimate, where they are prompted to “update” personal information such as usernames, passwords, credit card info, social security numbers, etc. that the legitimate enterprise already has.  The bogus website then forwards that information to the scammers, who use it to steal identities and/or make unauthorized purchases.

    While this is a very common occurrence (many of you have received some sort of phishing scam in your e-mail box at some point or another), there may soon be a boom in phishing attempts as a result of the new ICANN (International Corporation for Assigned Names and Numbers) policy approved in October, 2009.  The policy opens the domain registry to include IDNs (Internationalized Domain Names), whereby domain names may be represented by local language characters or scripts other than Latin, such as Chinese or Arabic.

    The premise behind this new policy is most certainly a welcome one and we applaud ICANN and all parties involved in the process for their diligence in making it a reality.  After all, making IDNs available ensures a more global Internet community for all, opening new business connections through decreased language barriers.

    The concern lies in how these character-labeled domain names translate within browser spot checks, as some of these letters have the same appearance in different languages while actually being a different character in the computer’s interpretation.  For example, a URL within an e-mail may say www.legitimatesite.com and, when clicked, the character-based URL might still display as www.legitimatesite.com even though it’s a dummy site set up to “phish” for the unauthorized collection of personal information for illegal use.  This makes it more difficult to discern whether you are on a legitimate site or not.
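
    To make the lookalike problem concrete, the following added example (not part of the original post) checks each label of a hostname for mixed scripts and shows the ASCII "xn--" form that DNS actually resolves.  The sample hostnames are constructed, and the use of a Cyrillic "а" in the lookalike is an assumption for illustration.

```python
import unicodedata

def scripts_in_label(label):
    """Return the set of Unicode scripts used by the characters of one DNS label."""
    scripts = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue  # digits and hyphen are shared across scripts
        # Unicode names begin with the script: "CYRILLIC SMALL LETTER A"
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def inspect_hostname(hostname):
    """Return (label, ascii_form, verdict) for every label of a hostname."""
    findings = []
    for label in hostname.lower().rstrip(".").split("."):
        scripts = scripts_in_label(label)
        # The ASCII ("xn--") form is what DNS actually resolves.
        ascii_form = label.encode("idna").decode("ascii")
        if len(scripts) > 1:
            verdict = "mixed-script"   # e.g. Latin with one Cyrillic letter
        elif scripts and scripts != {"LATIN"}:
            verdict = "non-latin"      # legitimate IDN or whole-script lookalike
        else:
            verdict = "ok"
        findings.append((label, ascii_form, verdict))
    return findings

def is_suspicious(hostname):
    """True when any label mixes scripts, the classic homograph pattern."""
    return any(verdict == "mixed-script" for _, _, verdict in inspect_hostname(hostname))

# Constructed samples: the second swaps Latin "a" for Cyrillic U+0430.
GENUINE = "www.legitimatesite.com"
LOOKALIKE = "www.legitim\u0430tesite.com"

if __name__ == "__main__":
    for host in (GENUINE, LOOKALIKE):
        print(host, "suspicious" if is_suspicious(host) else "ok")
        for label, ascii_form, verdict in inspect_hostname(host):
            print(f"  {label!r:24} -> {ascii_form:28} {verdict}")
```

    A label written entirely in one non-Latin script is reported as "non-latin" rather than flagged, so its ASCII form is the thing to compare against the address you expected.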

    So how do you protect yourself?  There are a few common practices you can adopt that will help protect you from becoming a victim of phishing-based identity theft as follows:

    (1)    Always read the privacy and terms of use policies of those companies with whom you do business online.  These policies should include information about how these companies will contact you, what information they will typically request from you (pay particular attention to what they will commonly request by e-mail – most will not send you “change information” e-mails), how your personal information is stored and to whom (if anyone) it may be distributed.

    (2)    Even if you feel 100% confident that the e-mail you received is legitimately from the company it says it’s from, never ‘click’ a link within an e-mail.  Instead, we highly recommend you copy and paste the URL from the e-mail directly into your browser.  Even better, simply visit the main website of the company using the known URL and locate the area of interest from there.

    (3)    If you receive a suspicious looking e-mail (or even one that looks legitimate) that encourages you to click a link to “change” personal information, you may want to contact the actual company by phone (call numbers that are authentic, not those – if any – that are provided in the e-mail) to validate the request and/or report prospective fraud.

    Remember, some phishing-based e-mails may look so real that it’s hard for even the legitimate company they claim to be from to tell whether or not they are real, so always be on guard.

    Now that you’re protecting yourself from potential identity theft, are you protecting your personal computer from spyware and viruses?  While you should always be sure that your anti-virus software is active and virus definitions are up-to-date, the beginning of a new year is an excellent time to double check.  Bear in mind that many antivirus and spyware programs are subscription based, so unless your subscription is current, you may not be protected against new threats.  Don’t have anti-virus software installed on your computer?  You should… period.  There are a number of reliable products available for sale including Norton by Symantec and McAfee.  There are also several reliable no-cost anti-virus options available including:

    1. Microsoft’s Security Essentials – this antivirus suite is available for FREE from Microsoft and available for Windows XP, Vista and Windows 7 users.  Get more information at http://www.microsoft.com/Security_Essentials/.
    2. Avast Home Edition – completely FREE for non-commercial home use.  Home edition does not include anti-spyware capabilities.  For this feature, Avast also makes available a fee-based Professional Edition.  For more information on Avast products, visit http://www.avast.com.
    3. ClamWin – a completely FREE antivirus software program for Windows 7, Vista, XP, ME, 2000, 98 and Windows Server 2003 and 2008.  ClamWin is a viable no-cost antivirus solution, but note that ClamWin does NOT offer on-access real-time scanning.  All scans must be manually done on a file by file basis  to detect viruses or spyware when using ClamWin.  To learn more, visit http://www.clamwin.com/.

    Note: NetPass does not endorse nor does it vouch for any claims or statements made by the manufacturer and/or distributor of any of the products mentioned herein.  We strongly suggest you do your own research to determine what, if any, of these options may be suitable for you.

    Lastly, don’t forget to protect your business, your customers and potential customers by updating the code behind your website and other online products.  Just like anything, keeping your website up-to-date within current industry standards and protocols is paramount to its security and reliability.

    Outdated code or code structures that fall outside of current standards and protocol criteria can lead to (1) website vulnerabilities that can lead to site hacking, (2) diminished search engine ranking, and (3) domain blacklisting (often resulting from a site whose code allows others to use the site to mass distribute viruses to web users).  Smaller implications include sites that just don’t display properly by today’s standards, which can hinder how and what visitors see when on your site and lead to shorter visit times and fewer “call to action” responses.

    At the very least, have your site regularly scanned for vulnerabilities.  NetPass offers this service for FREE to anyone – regardless of whether or not you’re a client, so contact us at support@netpass.com to schedule yours today.

    NetPass also offers a variety of SEO (site optimization) services geared towards ensuring websites are compliant and optimized for search engine recognition as part of a comprehensive set of available SEM service packages.  To learn more, contact our Online Marketing division at sem@netpass.com or call toll-free 888.296.7277 ext. 8926.

    Protecting yourself, your computer and your online product(s) is a giant step towards ensuring you have the safest 2010 possible.  Want to learn more about anything in this post or more about NetPass and its products and services?  E-Mail sales@netpass.com or call toll-free 888.2986.7277.  Happy New Year to you all!