While stores will be packed this weekend with holiday shoppers looking for Black Friday bargains, another group of shoppers will be sitting at home – safely and comfortably looking for Christmas bargains.
But home-shopping isn’t risk-free.
High-tech “phishers” are also trolling the Internet, looking for account data and personal information of unsuspecting computer-users all across the country.
“The idea behind phishing is that an attacker will try to get you to enter your information into a decoy website that looks exactly like the legitimate one you are used to using,” Wesley McGrew, a scientist at Mississippi State University‘s Center for Cyber Security Research, said in an MSU release. “The decoy site will allow them to collect your username and password, and once they have that, they can access any personal or financial information you’ve stored on that account.
“If you receive an e-mail directing you to log in to a site, that should be your first warning that you might be going to a phishing site,” McGrew said. “It’s important to be aware of how you arrive at a website and its always best to be suspicious if anything seems wrong or if your Web browser issues a warning.”
Another security issue can be passwords.
McGrew said people should regularly change their account passwords and, most importantly, use strong passwords that include letters, numbers and symbols. An account doesn’t need to be phished if the password can be easily guessed, like the ones on Mashable.com’s list of the year’s worst passwords, as released by SplashData.com.
The top 10 on this year’s list (with its change from last year in parenthesis):
1. password (unchanged)
2. 123456 (unchanged)
3. 12345678 (unchanged)
4. abc123 (up 1)
5. qwerty (down 1)
6. monkey (unchanged)
7. letmein (up 1)
8. dragon (up 2)
9. 111111 (up 3)
10. baseball (up 1)
11. iloveyou (up 2)
12. trustno1 (down 3)
13. 1234567 (down 6)
14. sunshine (up 1)
15. master (down 1)
16. 123123 (up 4)
17. welcome (new)
18. shadow (up 1)
19. ashley (down 3)
20. football (up 5)
21. jesus (new)
22. michael (up 2)
23. ninja (new)
24. mustang (new)
25. password1 (new)
McGrew has several tips to help people recognize and avoid phishing attacks:
>> Never reply to an e-mail that directly asks for username and password information.
>> Don’t follow links from an e-mail to log in to a website. Type in the Web address and use the site directly.
>> Before entering login information on a website, be sure that the Web address begins with “https” or that there is a lock icon in the address bar, which means information entered on the site will be encrypted during transmission.
If information was entered into the false website, McGrew said users should:
>> Immediately change the password.
>> Monitor the account for unauthorized activity.
>> Change the password for any accounts that might be linked to the one that was compromised.
BEFORE YOU GO…
… we’d like to ask for your support. More people are reading the Mississippi Business Journal than ever before, but advertising revenues for all conventional media are falling fast. Unlike many, we do not use a pay wall, because we want to continue providing Mississippi’s most comprehensive business news each and every day. But that takes time, money and hard work. We do it because it is important to us … and equally important to you, if you value the flow of trustworthy news and information which have always kept America strong and free for more than 200 years.
If those who read our content will help fund it, we can continue to bring you the very best in news and information. Please consider joining us as a valued member, or if you prefer, make a one-time contribution.Click for more info