Security, electronic surveillance, phishing: basic rules to protect yourself

As a website owner or administrator, you are more likely to be targeted by phishing. Here are a few security rules to follow and the phishing techniques you should watch out for.

1) As a website owner, you are likely to receive phishing emails asking you to renew your domain name or web hosting

When the renewal date for your domain name or your website hosting approaches, you might receive a fraudulent email inviting you to renew quickly so you don’t lose your domain name or your website. Make sure you know the name of the company where your domain names and your website hosting are registered. Here is the list of the main companies our clients deal with: Koumbit, DomainePlus.com, GoDaddy, Funio, Likuid. Always check the sender’s domain name; for example, info@godaddy.com is not the same company as info@go.daddy.com. Finally, if you are not sure of the sender’s identity, do not click on the links in the email. To learn more about phishing, see the Royal Canadian Mounted Police website http://www.rcmp-grc.gc.ca/scams-fraudes/phishing-fra.htm

Why am I more at risk of receiving a phishing email around the renewal date of my domain name or my website?

Because there is a public registry of domain name owners, and it shows the expiry date of domain names. Hackers therefore know when to send you the phishing email. See https://www.whois.com to look up your domain name in the registry.
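The sender check described above, as an added Python example that is not part of the original post: it pulls the domain out of a From: header and tells an exact or subdomain match of a trusted registrar apart from a lookalike such as go.daddy.com. Only godaddy.com comes from the page; the other trusted domains are placeholders you replace with your own registrar's and host's.

```python
from email.utils import parseaddr

# Domains your renewal emails legitimately come from. godaddy.com is the one
# example given on the page; replace the placeholder with your own providers.
TRUSTED_SENDER_DOMAINS = {"godaddy.com", "your-registrar.example"}


def sender_domain(from_header: str) -> str:
    """Return the lowercased domain of the address in a From: header ('' if none)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def classify_sender(from_header: str, trusted=TRUSTED_SENDER_DOMAINS) -> str:
    """'trusted' for the registrar's own domain or a subdomain of it, 'lookalike'
    when the registrar's brand appears in a domain that is not theirs
    (go.daddy.com, godaddy-support.net, godaddy.com.evil.example), else 'unknown'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return "trusted"
    # Compare with dots and hyphens stripped so go.daddy.com collapses to godaddycom.
    flattened = domain.replace(".", "").replace("-", "")
    display_name = parseaddr(from_header)[0].lower()
    for t in trusted:
        brand = t.split(".")[0]
        if brand in flattened or brand in display_name:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not real messages.
    for hdr in ("GoDaddy <info@godaddy.com>", "info@go.daddy.com",
                "Renewals <billing@godaddy-support.net>", "friend@example.org"):
        print(f"{hdr!r:45} -> {classify_sender(hdr)}")
```

A trusted From: domain is necessary but not sufficient, since the header itself can be forged; your mail provider's SPF/DKIM/DMARC results tell you whether the message really came from that domain.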

2) If you use an email address created from your domain name, make sure your emails are encrypted

All hosting providers offer the ability to create email addresses from your domain name. For example, our domain name is www.zaa.cc and our general email address is support@zaa.cc. When you set up your email address in your preferred software (Outlook, Mail, Thunderbird) or in Gmail, Hotmail/Live or Yahoo, make sure you use the SSL/TLS encryption settings (see https://en.wikipedia.org/wiki/Email_encryption). When you create your email address in your hosting provider’s control panel, you will be given the POP/IMAP and SMTP settings; always select the SSL/TLS version so that your emails are encrypted. Encrypting your emails prevents a third party from reading them while the message travels across the web. Before reaching the recipient, an email has to pass through several servers, and each server can technically read your emails if they are not encrypted. Do not hesitate to write to us at support@zaa.cc if you need help setting up your email address.

3) Do not share passwords or personal information by phone or text message

For many years now, any government, phone company or malicious group has been able to listen to and record all communications passing through the SS7 cellular network. On this topic, see the Enquête report of November 23, 2017: http://ici.radio-canada.ca/tele/enquete/site/segments/reportage/48148/enquete-ss7-ecoute-telephone-reseaux-securite All the hackers need is your cell phone number. They are also able to determine which cell tower you connected from, which allows them to geolocate you. To protect your bank accounts, emails and other accounts, make sure you use communication that goes through the web and that is encrypted. There are apps for this that secure your conversations and messages. We recommend Signal (https://signal.org/); to learn more, see http://ici.radio-canada.ca/nouvelle/812903/triplex-snowden-signal-application-android-ios-info For more on the security of your communications, see http://ici.radio-canada.ca/nouvelle/1069181/protection-appels-textos-telephones-cellulaire-reseau-securite-espionnage-applications

4) Use strong passwords

For all the websites you log in to, make sure you have strong and unique passwords for each website. The goal is to prevent bots from discovering your passwords. Here are the best practices for creating passwords:

  • Use a password that is 12 to 14 characters long (8 being the minimum);
  • Use lowercase and uppercase letters, as well as numbers and symbols (!@#$%?&*);
  • Create random passwords whenever possible;
  • Above all, never use the same password twice;
  • Avoid repeating the same character, keyboard character sequences, dictionary words, and sequences of letters or numbers;
  • Avoid using your username as your password, or the names of people close to you or pets, or personal information (identification number, names of parents/children or birth dates);
  • Avoid using a password that may be known by colleagues or acquaintances.

Source: https://en.wikipedia.org/wiki/Password_strength
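The rules in the list above, turned into a checker as an added Python example that is not from the original post: it reports which rules a candidate password breaks and generates a random one that passes them all. The word list, keyboard rows and sample passwords are constructed for the example; a real check would use a full dictionary.

```python
import re
import secrets
import string

# Constructed tiny word list; use a real dictionary in practice.
DICTIONARY = {"password", "welcome", "summer", "letmein", "admin", "montreal"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def _has_sequence(pw: str, n: int = 4) -> bool:
    """True if pw contains n consecutive characters that run along a keyboard row
    or along the alphabet/digits in either direction (qwer, abcd, 4321)."""
    s = pw.lower()
    rows = KEYBOARD_ROWS + [string.ascii_lowercase, string.digits]
    for i in range(len(s) - n + 1):
        chunk = s[i:i + n]
        if any(chunk in row or chunk[::-1] in row for row in rows):
            return True
    return False


def password_findings(pw: str, username: str = "", personal: tuple = ()) -> list:
    """Return the rules pw violates; an empty list means it passes all of them."""
    findings = []
    if len(pw) < 8:
        findings.append("shorter than the 8-character minimum")
    elif len(pw) < 12:
        findings.append("shorter than the recommended 12-14 characters")
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw))
    if not all(classes):
        findings.append("missing lowercase, uppercase, digit or symbol")
    if re.search(r"(.)\1\1", pw):  # the same character three or more times in a row
        findings.append("same character repeated")
    if _has_sequence(pw):
        findings.append("keyboard or alphabetical/numeric sequence")
    low = pw.lower()
    if any(word in low for word in DICTIONARY):
        findings.append("contains a dictionary word")
    for info in (username,) + tuple(personal):  # username, names, ID numbers, dates
        if len(info) >= 3 and info.lower() in low:
            findings.append(f"contains personal information: {info!r}")
    return findings


def random_password(length: int = 14) -> str:
    """Draw from a CSPRNG until a password passes every rule above."""
    alphabet = string.ascii_letters + string.digits + "!@#$%?&*()"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not password_findings(pw):
            return pw
```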

Password manager

Another solution is to use a password manager that works on both your computer and your phone/tablet. A password manager lets you create random, different passwords for all the sites you use. We recommend LastPass (https://www.lastpass.com/). Note that it is best to know your bank account password by heart. If you have any questions, do not hesitate to write to us at support@zaa.cc.