link to content
Essentials at NC State Home
Help | ResNet | Computing@NC State | For OIT Staff | Publications | Search NC State | Feedback
to content; left navigation begins
your unity account
antivirus and security
email and messaging
connections and labs
your computer
software at nc state
web pages
education and training
other resources
ITD Sections

Can the companies I deal with online help protect me from phishing?

Ask each company that you do business with over the Internet what they are doing to educate their customers about phishing and to make their sites safer. Here are some policies that online businesses and organizations can adopt:

  • Avoid communicating with your customers in ways that can be easily imitated by phishers.
  • Have a clear domain name strategy that makes it difficult for someone to imitate your Web site.
  • Periodically check for Web sites that use unauthorized variations of your company name.
  • Eliminate any application security flaws that could allow malicious hackers to hijack your own Web site addresses.
  • Don't use instant messages, pop-ups or email to collect information unless your customer initiates the contact.
  • Never use an urgent, threatening or time-sensitive tone in email.
  • Explicitly spell out Web site links and keep them as straightforward and descriptive as possible.
  • Don't hypertext words like "click here." Scammers do this to mask false Web site addresses.
  • Don't use cross-site scripting on your Web site.
  • Personalize your customers' emails with non-threatening personal data such as a first name so that the recipient knows that the email is coming from a company that knows them.
  • Ask your customers to respond via your main home page as much as possible.
  • Authenticate your Web sites using digital certificates.
  • Clearly communicate your anti-phishing strategy to your customers.

Content last updated May 3, 2005 by dlschmid
Page last modified May 19, 2005 by cawalker

jump to content
jump to content Go to page top Page Top | OIT | PolicyDisclaimer