1 . Such as no links in e-mails.
2 . If you see an e-mail that has a link or is suspicious please report it to email@example.com
3 . Do not enter your credentials on a site that looks suspicious.
4 . If you come to the website and it's missing an HTTPS (secure) then do not provide any information and report it to firstname.lastname@example.org
5 . XXXX company does not provide login forms on any other site other than XXXX proper.
For what it's worth, this is a good idea and these are good points. I'd sort them out as follows:
1) Send no email that contains URLs in the message body.
2) Use SSL for all Web pages that contain web forms or solicit input from users.
3) Provide no logins or access from any site other than the specified site.
1) Assume that emails that contain links or ask for information are scams and report them to email@example.com
, which forwards them to the proper location.
2) Report web URLs that begin with anything other than "https" to firstname.lastname@example.org
3) Do NOT EVER click a link in an email, or hit reply, and provide any private information to what you think is a request from your bank or financial institution. It isn't. It's a scam.
I also recommend that Mt. Gox, Tradehill, CampBX, Flexcoin, and any other Bitcoin bank or exchange designate a specific person responsible for security in their system, and that this person keep on top of security issues. For example, I would hope that the people responsible for these sites are aware of a major hack/compromise in the SSL security system that was reported a couple of weeks ago -- the DigiNotar hack. To summarize, one of the links in the security chain that ensures SSL connections are secure was hacked and extremely good forged certificates were issued for several heavily used web sites, such as Google, Yahoo, the Tor Project, and others. That allowed the hackers to intercept secure SSL communications between these sites and users. It appears that the Iranian government, not cyberthieves, was responsible -- THIS time. But a group of cyberthieves could just as easily have issued certificates for Bank of America, CitiBank, Wells Fargo, or somewhere else where people keep money, snooped THOSE communications, and... You get the idea.
If you want the details on this hack, PM me or email me and I'll fill you in. (It's highly technical and off-topic here.) But Bitcoin isn't immune from this sort of thing. Somebody at each Bitcoin bank and financial site needs to keep on top of this and be responsible for taking active security measures to fend off the bad guys.