Proofpoint: Security, Compliance and the Cloud

FBI head Robert Mueller was at the Commonwealth Club of San Francisco yesterday speaking about online security and opened his remarks with a personal story about nearly falling for a classic "update your information" phishing email.

Check out the video above... After discussing the event with his wife, she apparently told him, "No more Internet banking for you!"

While the anecdote might be a little embellished to illustrate the point that anyone can potentially be fooled by a phishing scam, it's a good reminder. As we head into the holiday season, Proofpoint expects to see the number and diversity of phishing emails increase as usual.

Feels like I post these all the time, but here once again are Proofpoint's "Golden Rules" for staying safe online:

1. Be aware: View with suspicion any email with requests for personal IDs, financial information, user names or passwords. Your bank, government agencies, online services or legitimate online stores are unlikely to ask you for this type of information via email. Consumers should also be suspicious of similar emails that appear to come from an employer. Never send personal financial information such as credit card numbers and Social Security numbers via email.
   
2. Don’t click: If you receive a suspicious email, don’t click the links in the email and never open file attachments from anything but 100 percent trusted sources. Links embedded in emails may take you to fraudulent sites that look similar or identical to the legitimate “spoofed” site. Instead of clicking, open a browser and type the actual Web address for the site into the address bar. Alternatively, call the company using a phone number you already know.
   
3. Be secure: When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you’re using a secure Web site. If you are on a secure Web server, the Web address will begin with “https://” instead of the usual “http://”. Most Web browsers also show an icon (such as Internet Explorer’s “padlock” icon) to indicate that the page you are viewing is secure.
   
4. Don’t fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company’s actual Web site and ensure that the page you are using is secure before entering sensitive information.
   
5. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during this time of financial turmoil and during the upcoming holiday season. If you see anything suspicious, contact the financial institution immediately.

Tip 'o' the blog to CNET's "InSecurity Complex" blogger Elinor Mills, who covered the Mueller's appearance at the Commonwealth Club and also has more details about the FBI's big phishing bust on Wednesday ("Operation Phish Phry"). Find her full story here:

http://news.cnet.com/8301-27080_3-10370164-245.html