How To Avoid Phishing Scams and Attacks?
Phishing scams are those that fool you into giving out personal information by using emails, etc. We have already seen what phishing is. In this article, I will give some tips on how to avoid phishing attacks and scams.
Avoid Phishing Attacks
These tips to avoid phishing scams are based on the recommendations of APWG (Anti-Phishing Working Group), an organization that is trying to unify global response to Cybercrime. The organization provides a forum for responders and managers of cybercrime to:
- Discuss phishing and cybercrime issues
- Consider potential technology solutions
- Access data logistics resources for cyber-security applications and cybercrime forensics
- To cultivate the university research community dedicated to cybercrime and
- To advise government, industry, law enforcement and treaty organizations on the nature of cybercrime
The following are some of the important recommendations of APWG on how to avoid phishing scams.
Do Not Trust Emails Asking For Personal Details
In case you need to correct anything, it is better to type the URL of the institution manually than to click links in an email (reason explained in the next section). Log in manually and make changes – only after confirming with the institution that apparently sent you the email.
Note that no bank will ever send you an email asking for details, so steer clear when dealing with such emails.
Don’t Click Links In Emails Asking For Personal Details
It might look like an email from one of the financial organizations you trust. Still, never click the links in the email – not even to see where the link is leading. You should always take some precautions before you click on any link. If you wish to know where the link is leading, hover your mouse pointer over the anchor text. You can see the link at the bottom of your email client. If you can’t see the link there, copy and paste it into Notepad.
What happens is that if it is a malicious website, it may download something containing malicious code the moment you land on the website. Even if your antivirus detects it and removes it, the code might have done the damage already – by replicating or by sending out an image of your hard drive.
In some cases, they create websites that look exactly like your financial organization’s website. But you can notice the difference when you look at the URL. For example, PayPal links would be like http://paypal.com/something while the phishing link would be http://something.com/PayPal. In the first, the site is paypal.com; in the second, the site is something.com and "PayPal" is only part of the path after it. In case of doubt, you can use the free services of any one of these URL Scanners to check the authenticity of any website.
Customer Care Links In Mails Asking For Details
Some emails may include customer care links to your financial organization’s website. Similarly, they might include links to Privacy policies or something similar. All these are elements that intend to trick you into giving out your data. Do not fall for those links. Again, no bank will ever ask you for details via email.
While we are here, I recommend that you not give away personal information even if someone calls you. With identity theft on the rise, people are using social engineering to fish out data belonging to you or someone near and dear to you. When it comes to the exchange of information, do it in person by visiting the relevant financial institution.
Make Sure That Vendor Uses Secure Website
Online shopping is the next big thing. It allows you to go shopping without having to leave your home. To avoid phishing scams that come in the garb of online shopping, make sure the website asking you for credit/debit card info is secure. Until some time back, you knew a website was secure when you saw a lock icon in the address bar. These days, they can spoof the lock icon as well. To make sure you are on a safe site, double click the lock icon to see the certificate of security for the website. Make it a habit to manually enter the URL.
To further secure your browser, you can use toolbars from any security system. If you are using Internet Explorer, turn on the SmartScreen filter so that you know if a website is a phishing site.
Use Latest Browsers
If you are using an older browser, the chances are that the weaknesses of these browsers have already been exploited. If you go for the latest browser, the software companies keep trying to improve its security. You receive the latest patches as and when vulnerabilities are found. Again, install a security toolbar so that it can check the websites you are visiting against known phishing sites and alert you about possible scams.
APWG recommends using the latest version of Internet Explorer or any other browser that you use.
Keep A Watch On Bank Statements
Last but not least, keep checking your bank account statements and debit/credit statements to make sure there are no irregularities. This helps you spot errors which may sometimes be a case of phishing and thereby, identity theft.
This explains how to avoid phishing scams. If you receive a phishing email, you may also report it by forwarding the email to [email protected]
Speaking of scams, have a look at some of these links:
- Avoid online scams and know when to trust a website
- Avoid scams that fraudulently use the Microsoft name
- Avoid Vishing and Smishing Scams
- Be aware of Whaling scams
- Avoid Online Shopping Fraud & Holiday Season Scams
- Avoid Internet Catfishing Social Engineering Scams.