Another Security Scare

This story will probably hit the papers any day now. An unspecified and dangerous loophole has been announced that will allow fraudsters to direct you to their own fake web sites even though you are using a genuine web address. In simple terms, it's as if they have found a way to get the directory enquiries operator to give you a fake telephone number. Everyone trusts the directory enquiries operator, so it's a serious breach in security.

What can you do about it? Almost nothing, just be aware of the risk until the loophole has been closed and follow the advice below. You are most at risk if you are outside America or Europe, or perhaps logging-on at an Internet cafe or using WiFi at an airport or hotel. If you attempt to log-on to any financial institution and it doesn't accept your login and password, be suspicious. It might be wise to contact them and check, they should know from the storm of irate phone calls they will receive if they have been targeted. They can reset your password and check for any fraudulent activity in that case.

This is essentially a race against time, all the major Internet service providers (ISPs) have already fixed the problem, many others are working on it, but many in the further-flung reaches of the Internet will take weeks or maybe months to "get around to it". That is because of the way the names-to-numbers information is distributed around the Internet, and the lax way that some ISPs in remote parts of world behave.

If you'd like an explanation, here it is:

When you type-in a web address, such as www.natwest.com, your computer needs to look it up somewhere to get a number that tells it where to find that specific site. In this case it ought to be: 155.136.80.213 and that's where your browser will take you. Where it looks for that number depends on how you are connecting to the Internet because the index of names-to-numbers is distributed across nine million computers located all around the world. Your computer goes to the one designated by the ISP you are using. If you are in the UK and you are using BT, for example, then it will access one of theirs and you will be safe.

If you are sitting in a dodgy-looking cyber cafe and you don't know who you are using, you cannot know if you are safe. It doesn't matter who your ISP is at home or at work: if you're not at home or work it depends on who you are using at that time. So the number that gets returned might be 123.45.67.890 - but you would not know that and your computer will take you to a site that looks like the one you want to go to. You then unwittingly type in your login and password details, and it's pay day again for another fraudster.

Do please be cautious.

Bookmark/Search this post with:

Mark Griffin's blog

Mark Griffin

Mark has a long history of working with computers and the Internet, he has delivered presentations and courses on many topics over the years. His opinion is actively sought and highly valued.

Twitter Updates

Search this Site

User login

Client Testimonial

Sir Clive Sinclair says: "Mark Griffin has been a wonderful advisor and I trust and value his expertise on web sites. I certainly recommend Cyberpoint to anyone."

Site Creation Services

Cyberpoint can create attractive, easy-to-use web sites that present your business in the best possible light. We work closely with you to establish your requirements and ensure the finished web site is exactly what you want at a price you are happy with. Our web sites are hand crafted, and every site is different the better to reflect the uniqueness of your business. We are also able to provide web sites with "content management systems" so you are able to keep your own web site up-to-date without the need for a webmaster.

Site Support Services

Cyberpoint can provide on-going maintenance and support for your web site, thus relieving you of the overhead and freeing you to focus on what is important for your business. Through this continuing involvement, we can provide timely advice when changes or updates might be appropriate as web site trends and standards continue to evolve or as your business develops. Cyberpoint can also respond to any technical emergencies and answer questions you might have about the operation or performance of your web site.

Training and Consultancy

Cyberpoint have a wide experience of developing and delivering training courses to bring you and your staff up-to-speed on a range of topics related to the conduct of your on-line business, especially in the important area of e-mail communications with customers.

We are also able to provide consultancy services to help you understand, plan, and develop business objectives for your on-line presence which will assist you in contracting for work in this area with a clear idea of what you need and what is being offered by suppliers.

About Cyberpoint

Cyberpoint have been creating professional web sites and providing insightful advice and expertise since 1995. We have satisfied many clients of every size and shape in every market, government and corporate, e-commerce, retail, business-to-business and many more besides.

Please scroll down the page to read Mark Griffin's blog, or look in the columns either side to learn how Cyberpoint can help you achieve your goals on the Internet. Feel free to create an account so you can post questions and comments.

Pay Invoices On-Line

Clients are welcome to settle their invoices directly into our PayPal account on-line. Please just click on the button below and enter the invoice number and amount to be paid in the secure PayPal window that will open.

Cyberpoint - The On-Line Business Experts