How To Spot a Fake Website Or Phishing Attempt This Holiday Season
The holidays are almost upon us. Black Friday and Cyber Monday are less than two weeks away. For retailers, it’s the most wonderful time of year—revenue goes up as shoppers scramble to snag the best deals and finish their Christmas shopping early (like they always say they’re going to do, but somehow never succeed in doing).
Unfortunately, this time of year is also a favorite of scammers. When there is a great deal and a finite number of products, consumers might not look too closely at whether a website is the real deal or not.
Scammers take advantage of this to throw together a fake website that could fool someone at first glance (and sometimes even on more thorough inspection). All they need is for you to enter your credit card information and they’re off to the races.
The best defense against scams and phishing attempts this holiday season is to know the signs. Knowledge will be your strongest weapon. Here’s what to look for as you begin your Christmas shopping so that you come out the other side with your identity, bank account, and sanity intact.
Check The URL & Sender
It’s dead simple to make a website that looks just like a real one. It’s not unusual to encounter a website or receive an email asking you to confirm some information or to log into your account to investigate suspicious activity.
The email might look like it comes from a trusted source. You can read it a half-dozen times and find nothing out of place. However, there are two things to remember.
First of all, the URL they provide isn’t necessarily the one it sends you to. Here’s an example. Open the link below in a new window.
http://www.google.com
Surprise! The URL might be written out, but it takes only a few seconds to direct a hyperlink somewhere else. Phishing attempts use this to direct customers to a fake sign-in page that steals their user IDs and passwords for retail sites, banks, and more.
Another trick is a domain name that starts with a valid domain name and has a fake part attached to it, which makes the whole domain fake. Below is an example. It may look like it’s super easy to spot, but on a mobile device, the address bar normally only shows the first 10 to 15 characters in the domain name, meaning the last part will be hidden.
http://www.microsoft.com-gooddeals.com
The second thing to remember is that any site (that you should use, anyway) will log you in through a secure protocol. Look at your URL bar. See the “HTTP” at the very start of the URL? That’s an acronym for hypertext transfer protocol. When you log into a website, make sure it says HTTPS. The added letter stands for secure. This means data sent through the website is encrypted. Encryption only protects the data in transit; a fake site can use HTTPS too, so treat it as a minimum requirement, not as proof that the site is genuine.
Hover your mouse over the hyperlink and look at the destination. As a rule of thumb, no legitimate website or bank will ever email you and request your username and password. This is almost always a sign of a phishing attempt. If something seems suspicious, contact the organization directly and ask before you submit.
Finally, check the sender of the email. Often it will have a name or might say something like Customer Support. However, if you look for the actual email address, it’s often something like [email protected]—clearly a fake account.
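The link checks described in this section can be automated. The following is an added example, not part of the original article: it extracts the links from an HTML email body and flags a visible URL that differs from the real destination, a known domain embedded in a different host, and a destination without HTTPS. The `KNOWN_DOMAINS` list, the function names, and the sample email (including the placeholder host `login.example.net`) are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the reader really does business with.
KNOWN_DOMAINS = ["microsoft.com", "google.com"]
# Constructed sample e-mail body; login.example.net is a placeholder host.
SAMPLE = (
    '<a href="http://login.example.net/verify">http://www.google.com</a>'
    '<a href="http://www.microsoft.com-gooddeals.com/sale">Holiday deals</a>'
    '<a href="https://www.microsoft.com/store">Store</a>'
)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def check_link(href, text):
    """Return the warnings for one link, in the order the checks run."""
    warnings, host = [], host_of(href)
    # 1. The visible text is a URL, but the link goes to a different host.
    if text.lower().startswith(("http://", "https://", "www.")):
        shown = host_of(text if "://" in text else "http://" + text)
        if shown and shown != host:
            warnings.append(f"text shows {shown} but link goes to {host}")
    # 2. A known domain appears in the host, yet the host is not under it.
    for domain in KNOWN_DOMAINS:
        if domain in host and host != domain and not host.endswith("." + domain):
            warnings.append(f"{host} is not part of {domain}")
    # 3. The destination is not served over HTTPS.
    if urlsplit(href).scheme.lower() != "https":
        warnings.append("link does not use HTTPS")
    return warnings

def check_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

Calling `check_email(SAMPLE)` returns a dictionary keyed by destination URL; an empty warning list means none of the three checks fired, not that the site is safe.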
Search The Text
Most phishing emails are variants of one another. An easy way to check whether something is legitimate is to search the sender and a few sentences. Just copy and paste the text into Google with the word “scam” and see what results it returns. The chances that you’re the only one to be targeted by a scam are minimal; most of these attempts originate out of farms and are sent to thousands of users at once.
Many phishing emails will warn you that your account is about to expire or that you need to log back in or enter billing details, often with an apology for the inconvenience. The majority of institutions will not request these details via email, but will instead ask you to check your account.
Channel Your Inner English Teacher & Look For Spelling & Grammar Mistakes
You might stumble across a website with some amazing deals, but you’ll notice something seems off—namely, the spelling and grammar are atrocious. Many fake websites and scam emails share this trait.
Proper spelling and grammar are a key aspect of presentation, and proper presentation is a key aspect of professionalism. Websites go to great lengths to ensure readers can understand their message.
If you find a website with awful spelling and grammar that requests any personal information from you, it is almost guaranteed to be a fake website scam. One exception to this rule would be some amateur blogs which share deals they find that direct you to Amazon.
These blogs might use affiliate links which will earn them a commission if you buy the product at no extra cost to you. Amateur sites might not always have the best spelling or grammar, but as long as they are not asking you to enter credit card or other personal info, they should be safe.
Look For Too-Good-To-Be-True Deals
Online retailers exist to make money. If the deals seem like they would lose money on them, they probably would—which means the deal is likely fake. Sometimes you might still receive a product, just something lower-quality than you thought. The website Wish is a great example of this.
While popular, Wish products are often counterfeit or significantly lower in quality. The website is not a scam or a phishing attempt, but it isn’t entirely honest, either.
Pay close attention to the deals on any website you visit. As a general rule, you should only shop online at certified, known retailers. Websites like Amazon, Website, Best Buy, and others like those are usually safe. Brand-specific sites are often a good bet, too. But if you find a site that you’ve never heard of offering an iPad Pro for $100, stay far away.
Joseph Heller said, “Just because you’re paranoid doesn’t mean they aren’t after you.” Cybercrime has steadily increased year after year and it’s impossible to keep track of every new scam. Between 2013 and 2018, the FBI reports that businesses lost $12.5 billion to scams online. Almost 91% of all phishing attempts start with an email; unfortunately, many people receive notifications of sales through their email.
Be vigilant and trust your gut. Once you know what to look for, the majority of scams are almost laughably easy to identify.