About Us Membership Resources OTA Members Login

 

    Data Breach & Incident Response Email Authentication  | Related  Resources  l  EV SSL Certificates  I   Phishing Page  

Sample Phishing Notification  Page

In an effort to aid brand owners in protecting their brand and domains from exploits, OTA has created sample text a brand owner might include on their web site once they have taken down a deceptive or infringing web site.  Doing so can provide users a "teachable moment" provide prescriptive advice and confidence that you have eliminated a potential threat.  Support your brand, OTA recommends this as a best practice  and if preferable to getting a page not found or other error.  Such pages are recommended to be part of a domain defense strategy and online incident response plan.  Visit back for more information and planning documents.

Special thanks to the Digital Phish Net, APWG, Internet Identity, Microsoft  and OTA members for their input. 
For additional efforts visit the Anti-Phishing Working Group (APWG)


ALERT!
You have been redirected to this page because the site you clicked on has been identified as a deceptive web site.  As part of our commitment to online safety and consumer protection, we have removed this page from the internet.
What is Phishing?
Phishing attacks use spoofed e-mails and fraudulent websites to fool recipients into revealing personal information. By using trusted brands of well-known companies such as financial institutions, online retailers, ISPs and credit card companies, phishers attempt to dupe innocent consumers into revealing their personal information. Phishing schemes are typically delivered via forged e-mail, purporting to come from trusted brands and often attempt to install malicious software on your computer without consent.
Who are these Phishers?
They are criminals and organized crime syndicates who are trying to steal your personal information in order to use it for their financial gain. This often results in unauthorized credit card charges, ATM transactions, account transfers, or new account creations using YOUR identity!
 
NEVER reveal personal information to an unverified recipient. This includes:
  • Login names and passwords
  • Credit card numbers
  • PIN numbers
  • Bank account numbers
  • Mother's maiden name
  • Social Security number
  • Date of birth 

 Protect yourself from Phishers! Don't get lured in!

  • Never respond to requests for personal information via e-mail.
  • If the e-mail looks "phishy" call the company that claims to have sent you the e-mail to verify its authenticity. Look up the phone number on your own and do not trust any numbers supplied by the e-mail without verifying them.
  • Never trust hyperlinks in e-mails. Visit websites by typing the URL into your address bar.
  • Review your credit card and bank statements for any unusual transactions. Report them immediately if you find any unauthorized transactions.
  • Report suspected abuses of your personal information to the proper authorities.
  • Do not use the same passwords on multiple sites.

Creating Strong Passwords
Use strong passwords for all web sites, requiring frequent changes.  A strong password should appear to be a random string of characters meeting the following criteria:

  • Make it lengthy. Each character increases the protection that it provides many times over.
  • Your passwords should be 8 or more characters in length.
  • Combine letters, numbers, and symbols. The greater variety of characters, the harder it is to guess.
  • Use the entire keyboard, not just the most common characters. Symbols typed by holding down the "Shift" key and typing a number are very common in passwords.
  • Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.

To report phishing sites
If you encounter other phishing web sites report them using tools within your internet browser solutions which offers dynamic phishing protection.  To report to law enforcement visit the IC3 (Internet Crime Complaint Center) and the FTC (Federal Trade Commission) consumer identity theft web site

Monitor your Credit Report
We recommend you monitor your credit report annually.  Credit reports are available at no-charge annual from the three leading credit reporting agencies including Equifax, Experian and TransUnion.  The only FTC authorized site is https://www.annualcreditreport.com/cra/index.jsp 

Look for the Green Address Bar
When banking or purchasing online, look for sites which display the "Green Address Bar", now supported by all leading browsers and over 4,000 leading ecommerce sites.  Such sites meet the standards for qualifying for Extended Validation Secure Site Server Certificates.  When you see Green you can be assured the site is who the state they are and meet this new standard.  For more information visit EV Cert Resources

EV Cert Example

Learn more about Phishing
http://www.antiphishing.org
http://www.fraudwatchinternational.com/phishing-fraud/phishing-home
http://www.consumer.gov/sentinel
http://www.microsoft.com/athome/security/yourself/scams/protectyourself_antispam.mspx

 Thanks to input from the Digital Phish Net, US Chamber of Commerce and Microsoft Corporation for their input.


Revised 1/5/2010