What is Phishing and how to identify Phishing Attacks?
Phishing (pronounced fishing) is a process which entices you to give out personal information by using electronic communication technologies such as emails, masquerading to be from a legitimate source. Phishing is one of the fastest rising online crime methods used for stealing personal information.
What is Phishing?
Basically, a phishing email attempts to obtain valuable information such as your
- ATM /credit card number
- Bank account number
- Online account logins
- Social security number, etc.
The stolen information can be used to carry out identity theft or to steal money from your bank account. Identity theft means that the cracker can pose as the person whose information he has obtained and carry out all kinds of activities in their name.
Common types of Phishing
Phishing is carried out by various means. The most common are email, websites, and the telephone.
- Phishing emails: Emails disguised as coming from a legitimate source are sent to the victim, usually asking for the details mentioned above.
- Phishing websites: Websites that look like those of genuine companies or banks are set up to mislead the victim into entering important details such as a username and password.
- Phishing phone calls: Calls are made to victims in the name of a bank or similar institution, and the victim is made to enter or read out confidential data such as a PIN.
Detailed read: Types of Phishing – Cheat Sheet.
Characteristics of Phishing attacks
The following are some of the characteristics generally associated with a Phishing email or website.
- Request for personal information – most companies do not ask their customers to submit confidential data by email. So if you find an email asking for your credit card number, there is a high probability that it is a phishing attempt.
- A sense of urgency – most phishing emails demand immediate action. An email saying your account will be deactivated within a day unless you enter your credit card number is an example.
- Generic salutation – phishing emails generally start with "Dear customer" instead of the user's name.
- Attachments – phishing emails may also carry attachments, which will mostly contain malware.
- Misleading links – the link displayed may be an image, while the actual link behind it could be different.
- Actual links can be masked using HTML. Thus the text displayed will be http://websitename.com/ while the hyperlink set behind it will be http://www.othersite.com.
- Another method is using @ in the link. If a link contains the '@' sign, the URL you are taken to is the one after the '@' sign (browsers treat everything before the '@' in the address part of a URL as a user name). For example, if the link is www.microsoft.com/[email protected]/?=true, the actual URL you will be taken to is web.com?=true.
- Links with numbers (an IP address) instead of the website name. Example: www.182.11.22.2.com
NB: To see the URL, just hover your mouse over the link (but don’t click), and the link will be displayed.
- Bad grammar and spelling – There’s a good chance that phishing emails might contain bad grammar and spelling mistakes.
- Phishing websites might look exactly like the original ones, but their URL might be slightly or completely different. Hence, make sure that the URL is the correct one when you visit a website.
- Also, legitimate websites use SSL to protect your information when you enter data, so make sure the URL starts with https:// rather than http:// on pages where you have to submit a username and password or other private information. Note that https:// only means the connection is encrypted; a phishing site can use it too, so the domain name itself still has to be the right one.
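The link tricks listed above (display text that differs from the real target, an '@' in the address, a raw IP address instead of a hostname, a link shown as an image) can be checked mechanically before anyone hovers over anything. The Python below is an added example, not code from the original article: it scans a constructed HTML e-mail body and reports each anchor that shows one of these signs, assuming the '@' sits in the authority part of the URL (where browsers treat everything before it as a user name) and using placeholder .example domains.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample e-mail body; every domain here is a placeholder.
SAMPLE_EMAIL = """
<a href="http://www.othersite.example/verify">http://websitename.example/</a>
<a href="http://www.microsoft.com@web.example/?=true">Verify your account</a>
<a href="http://182.11.22.2/login">Sign in</a>
<a href="http://badsite.example/go"><img src="button.png"></a>
<a href="https://websitename.example/help">https://websitename.example/help</a>
"""

# Simple anchor extraction, enough for this example (a real filter would use an HTML parser).
_ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
_DOMAIN = re.compile(r"([\w-]+(?:\.[\w-]+)*\.[a-z]{2,})", re.I)

def _bare(host):  # compare hosts without a leading "www."
    return host[4:] if host.startswith("www.") else host

def _is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def check_links(html):
    """Return [(href, [reasons])] for every anchor showing one of the signs above."""
    findings = []
    for href, body in _ANCHOR.findall(html):
        text = re.sub(r"<[^>]+>", "", body).strip()  # visible text, inner tags removed
        parts = urlsplit(href if "://" in href else "http://" + href)
        host = (parts.hostname or "").lower()
        reasons = []
        if "@" in parts.netloc:  # browsers treat everything before '@' as userinfo
            reasons.append(f"'@' in authority, real host is {host}")
        if _is_ip(host):
            reasons.append("IP address instead of a hostname")
        if "<img" in body.lower():
            reasons.append("link text is an image")
        shown = _DOMAIN.search(text)
        if shown and _bare(shown.group(1).lower()) != _bare(host):
            reasons.append(f"text shows {shown.group(1)} but link goes to {host}")
        if reasons:
            findings.append((href, reasons))
    return findings

if __name__ == "__main__":
    print(*check_links(SAMPLE_EMAIL), sep="\n")
```

The last anchor, whose visible text and target agree and which carries no '@' or IP address, produces no finding; the other four are each reported with the specific sign that gave them away.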
Read: Precautions to take before you click on any link.
Thumb rules to stay safe from Phishing
- If you find a mail suspicious, do not click its URLs or download attachments. You can also report Phishing emails in Outlook.com.
- Do not reply to suspicious emails with your personal information.
- Use a browser that comes with phishing protection such as the latest versions of IE, Firefox, Opera, Chrome, etc. They come with blacklists of known phishing sites that are regularly updated, and if you happen to visit any of these sites, they will alert you.
- Use good, up-to-date anti-virus software.
- And of course, make use of your email provider's spam filters.
- Follow Safe computing tips.
Variants of Phishing
Most computer users and Internet surfers are now aware of Phishing and its variants:
- Spear Phishing
- Tabnabbing, also known as Tabjacking
- Whaling
- Vishing and Smishing scams
Can you spot phishing attacks? Do you know how to avoid phishing scams? Take this test by SonicWall to test your skills, and let us know how well you fared!