Phshing for Websites

It had to happen sooner or later - the phishers (hackers who send out emails or other communications that purport to come from someone you already deal with) are sending out bogus requests for confirmation of FTP (File Transfer Protocol) login and password information.

Once you have answered their call - and given away the keys to your site - they infect your site with their nasty malware and use your bandwidth and reputation to scam others out of their banking information - or put up files for others to download burning up your bandwidth allocation and disk space.

I've seen both Bank of America and Italian sub-titled movies dropped onto computers as well as a host of other nasty stuff.

So, along with bogus notices from Facebook about a new login system - NOT!

and notes from the Royal Bank about changes in my account - NOT!

and zip files containing waybill information or invoices from various shipping companies - NOT!

we now have to worry about others gaining access to our web sites via our webmasters.

Personally I'm glad I have complete control over the machines I host sites on and don't use FTP - I use SFTP and SSH with public/private keys - no passwords ever hit the wires. When will the hosting companies learn that FTP is not secure and should no longer be used.