Overview of New Ad-Center Policy: Phishing

The privacy of your personal information is our priority, as affiliates of Ad-Center network it is also your responsibility to ensure that you exercise caution and do not become victim of “Phishing”.

 

The Law on Phishing

Anti-phishing Act of 2005 – Amends the U.S. Federal criminal code to criminalize Internet scams involving fraudulently obtaining personal information (phishing).

Basically it is illegal for anyone to use a website, email or other Internet-based method to “solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business.”

Phishing often involves the use sophisticated methods to trick you. Scammers may go so far as to create a replica of a logo, a web page, an email or some other official document.

We have all had these types of messages at one time or another in our email: “You have won a lottery” or “Win a Free Trip to Disney Land by entering this Lucky Draw.” The reality is far different than what these messages promise. Most of the times, these are phishing scams and clicking on the links redirect you to fake websites meant to “phish” personal information.

Typical techniques you may be exposed to:

  • Hidden URLs. Link manipulation is a widely used technique for phishing scams. It is done by directing a user through fraud to click a link to a fake website. 

Though the domains are unique, sub-domains are not, and hence no domain owner can prevent anyone from using their name as a sub-domain of their domain. Whether technical or nontechnical, one should always remember that the URL hierarchy always goes from right to left. 

  • Cross-Site Scripting. Cross-site scripting, or XSS, is an attack in which a hacker executes malicious script or payload into a legitimate web application or website. It is a very common and widely used technique in which the victim is not directly targeted. Rather, the attacker exploits a vulnerability in a web application or website that is visited by a user. Eventually, a malicious script is delivered to the victim’s browser. 
  • Website Spoofing. Another technique used for web forgery, website spoofing, is done by creating a fake website that looks similar to a legitimate website that the user actually intends to access. A spoof website has a similar user interface and design and often has a similar URL.

  

Anti-Phishing Tips

Most attackers use a WordPress site to distribute malware via phishing and many site administrators have no idea that phishing pages are on their site. The files are not included with the legitimate pages, and the website doesn’t appear to be different.

You will have to inspect the code to understand if your site has been hacked. These pages will be standalone and buried within the CMS.

Technical anti-phishing countermeasures involve securing the web server, the web applications running on it, browser clients, and the HTTP communication from phishing attacks. You can also do one of the following:

  • Secure Connections (HTTPS)
  • Secure Login Features
  • Web Browser Features and Settings
  • Email Client Configuration
  • SPAM Filters
  • Phishing Sites Monitoring
  • Alternative Transaction Verification Channels

 

Notice of Suspicious Pages

In an attempt to provide a safe environment to all affiliates and visitors, if we will receive any notifications that an affiliate page using Ad-Center links, looks suspicious. Our policy team will notify you as soon as possible and recommend removing that page immediately.  

 

Ressource: https://resources.infosecinstitute.com/wordpress-phishing-scams-what-every-user-needs-to-know/

Have more questions? Submit a request

Comments

Powered by Zendesk