latest update

Protect yourself against Malware and Phishing attacks, a few suggestions

Dear Clients,

It has been a rising issue of concern to see the increase in Malware, Phishing attacks and Fraud scams over internet. Here we would like to share a bit of information on the same and suggest ways to have a safe surfing experience.

What is Phishing?

The explosive growth of Internet commerce has attracted the attention of everyone, including a new breed of online criminals who attempt to steal your passwords, your credit card numbers, and other personal information by impersonating authority figures from a bank or other institution with whom you have a financial relationship. The best defense against this growing threat is to be aware of the problem, and to be alert when conducting your online business.

Fraud of this kind is sometimes called Phishing or Web Forgery, and in analogy to fishing, your private information is the catch. There is more than one kind of bait, but the most common type is e-mail, apparently from your bank, coupled to a Web site resembling your bank's, so precisely copied that you may not discern the difference. You will be encouraged to log in and "verify" your customer information: in other words, to reveal your password, credit card number, or other private data.

What is a Malware?

The expression “Malware” is a general term used by computer professionals to refer to a variety of hostile or intrusive software or program code. Malware includes computer Viruses, Worms, Trojans (or Trojan horses), most Rootkits, Spyware, dishonest Adware, and other malicious scripts and unwanted software.

For the same reason that you have anti-virus software installed, you may want protection from Web sites that distribute viruses or other malicious software, collectively known as malware. The concept of malware encompasses not just viruses, but also scripts that exploit security problems in the browser or in browser plug-ins, scripts that may run automatically when you load a Web page.

Solutions for all

1) Use latest updated browsers

Because incursions of these types are so widespread, many people and companies thought it as a good idea to incorporate some degree of fraud protection in the browsers as mostly the internet access happens through browsers only. Hence, the strategy pursued by many latest browsers is to consult a database, to find out whether your surfing trajectory has been redirected or the site has been involved in or reported for malware attacks or suspicious scripts. Although it is not possible to completely eliminate the risk of encountering a phishing Web site, the risk may be minimized. The following are a few such browsers which have an updated database of such sites and provide proper protections and warnings to restrict users while surfing:

  1. Google Chrome 3
  2. Mozilla Firefox 3
  3. Opera 9.5
  4. Safari 4
  5. Internet Explorer 8.

A special mention is required about the Internet Explorer 6 or lesser browsers. These do not have such protections and hence the users are more vulnerable to such attacks.

You can find the details of such protection in the documentations of your browser. We suggest that you please check once and confirm that your browser is updated properly with such protection.

2) Have proper Firewall, anti virus and security suite installed

Along with the browser protection you are certainly required to have an internet security suite with firewall and a proper updated anti-virus program with the ability to detect such attacks and take necessary actions.

For website designers, developers and managers

For the people who are involved in designing, developing and uploading websites or managing dynamic websites, we suggest exercising extra caution.

  1. Never store your passwords in unsafe manner
  2. Use proper connection or secured connections to access the hosting servers
  3. Secure your local network and ISP connection properly with firewalls
  4. While developing any scripting pages test the code for security vulnerabilities, restricts open upload scripts, use proper server-side and client side validations etc.
  5. Use proper authentication and confirmation for members or forum based sites
  6. Use SMTP authenticated mailing scripts for script based mails
  7. Keep your server account under check and report any anomaly
  8. Have strong passwords with special characters, numbers, upper case letters etc.
  9. Change passwords regularly
  10. Keep yourself updated with the latest developments over the internet and make others aware.

Please feel free to contact us at for any further clarification or assistance.

Posted on: Sunday, 18th October 2009 8:11 AM