Christmas time…mistletoe and cyber crime

Online Control Panel, Security

Are you all set for Christmas? Or are you like me… in a panic after suddenly realising its next week?! There’s so much to do, so many gifts still to get, it is the time for giving after all, but unfortunately it’s also the time for seasonal scammers to strike. Christmas is an especially dangerous time for online crime so before you go on your merry holidays we thought we’d remind you of the cyber crime stories of 2012 and give you some tips on how to keep your online activities safe.

This year, we’ve seen many high profile security breaches including threats to large entities such as Twitter, Yahoo, Google and LinkedIn to name just a few. In some cases users personal information and passwords were exposed, for example, nearly 6.5 million LinkedIn users passwords were stolen by Russian cybercriminals and in another incident hackers posted online what they said was login information for more than 450,000 Yahoo users.

As more and more of us turn to online shopping to beat the Christmas crowds, cyber criminals are ready and waiting to intercept your seasonal good cheer. According to a McAfee study commissioned by MSI International last year more than a third of consumers lack the protection needed across their digital devices. You can see McAfee’s ’12 Scams of Christmas’ below.

So with all these threats quietly lurking around every cyber corner, here are some tips on how best to protect your online security through your Online Control Panel.

1. One of the easiest ways to protect yourself online is by regularly changing your passwords. We recommend you use passwords that are not based on a dictionary word,  are at least eight characters long and contain a variety of letters, numbers and characters. You should always  avoid using the same passwords across all your online accounts and as with any password you should never share it with anyone. We’ve recently been encouraging our customers to regularly update their email passwords, if you’d like to change yours now please follow the easy steps outlined in the following guide.

2. If you have Web Hosting, check your sites FTP settings to ensure they are set correctly. FTP passwords can be stolen from your machine by viruses or hackers who can gain access to your content and upload or download whatever they like to your website, either just for fun or for more sinister reasons. Our FTP Lock facility allows you to restrict FTP access to specific – “safe” – IP addresses and set specific periods of time when your FTP is open for ‘upload’ or ‘download’.  We recommend you keep your FTP restricted and locked at all times when not in use. Find out more about FTP or follow our step by step guide ‘How to implement FTP security’.

3. Update your Access Rules in the security settings in your Online Control Panel. If, for example, you manage your website from the UK only, you can add a rule that will mean you can only access your website controls from the UK. Don’t worry if you’re a jet setter though, there is no limit to the amount of countries you can add to the Access Rules. You can also add Access Rules at domain level so if you have more than one domain name, you can restrict access to whichever ones you like, giving you more control.

4. Block email spam and don’t click on links from people you don’t know. If you regularly receive spam to your mailbox, an easy way to stay safe is to add the spam email addresses to your blacklist through your Online Control Panel. Follow our step by step guide to start cleansing your mailbox now for the New Year.

We would like to take this opportunity to wish you all a very safe and Happy Christmas and best of luck with the rest of your shopping if you are like me!



  1. With regards to your FTP Sitelock feature: While I have no issue with the promotion of security which should always be taken seriously, it is normal practice with most other hosting companies to offer the FTP sitelock to users rather than mandate it. By mandating it you are making your hosting facility very difficult to use for users that are on a dynamic IP addressing scheme. I have read your guidance for users on a dynamic IP address and it is not very useful, it is making it more complicated for them to access their hosting. You may claim that people can hack their way into sites, however equally it should be possible to detect multiple failed attempts with a password and userID pair and then block the hackers source IP address or shut down all access. If you have introduced it for legal reasons, then having the ability to consciously turn it off if a client does not want it would be a more user friendly option that your current system.

    • Hi Mark,

      Thanks for your feedback regarding this. We’re very conscious that a lot of customers use the same password for all of their online services (FTP, email, online banking, Facebook etc) so we are trying to adopt a responsible approach and instilling the concepts of password / account security into customers as simply as we can.

      I take on board your feedback about usability but it is inevitable that the more secure a system becomes, the less usable it becomes. The key is to strike a balance between the two which is what we are trying to achieve.

      With regards to customers with dynamic IP addresses, they will just need to login to their Online Control Panel once every thirty days and open up access for the next thirty days.

      Thanks for passing on your comments, which have been noted.

Comments are closed.