You’ve probably heard of all the hack attacks going on lately. From Sony PlayStation, Nintendo and Sega to Lockheed Martin and Citibank, large companies are seeing the wrath of hackers looking for monetary gain by stealing consumer information.

But it’s not just large companies getting hit. The Anti-Phishing Working Group is reporting that more than one-third of respondents to a new Web Vulnerabilities Survey were repeat victims of phishing attacks—and those attacks ended with success.

Thirty-seven percent of respondents reported that their Web sites had phishing or spoof sites planted on their Web servers two or more times before, a telling statistic that reflects both the persistence of phishers and the difficulties of keeping them at bay.

“Phishers value compromised web sites highly because they are much harder for interveners to take down. They’re confident that they’ll be able to identify and exploit sites, and do so repeatedly. Victims are not mitigating exploits entirely or are not implementing adequate measures to keep them away,” says APWG Research Fellow Dave Piscitello of ICANN.

“Keeping all components of a web site—OS, web server, applications, and content—patch current and applying the most secure configuration options possible could significantly reduce initial and repeat attacks.”

Some general takeaways from the report:

  • Web sites could do better implementing preventative measures

  • Organizations aren’t adequately monitoring for strange behavior or suspicious traffic patterns

  • 20% of victims say the attacks were discovered by their own staff

  • 52% percent were informed of the attack by third-party security companies


“You can’t publish active content in Internet time and verify that your protective measures against attacks remain effective. Vulnerability testing, if done at all, is done too infrequently,” says Piscitello. “That nearly 80 percent of incidents are being detected by third parties tells us that too few organizations take real time monitoring or examination of logs for suspicious activities seriously.”

When it comes to Internet security, a little common sense can go a long way. Here are four tips for protecting your small business from a phishing attack.

  1. Don’t open e-mails or attachments from people you don’t know.

  2. Pay attention to where links are actually taking you.

  3. If you are suspicious, close the browser immediately. Open a new window and type in the URL manually to the site you are trying to visit.

  4. Remain cautious and use safe e-mail and browsing habits consistently to avoid becoming aloof.


Check out this YouTube video with more practical advice: