Shopify網(wǎng)絡(luò)安全-ESG跨境

確保使用 HTTPS 與網(wǎng)站建立連接

如果連接到任何要求您輸入用戶名和密碼或其他敏感數(shù)據(jù)的網(wǎng)站，請(qǐng)檢查瀏覽器中的 URL 旁邊是否顯示鎖定圖標(biāo)。

該鎖定圖標(biāo)表示該網(wǎng)站的連接是使用 HTTPS 協(xié)議加密的。已加密連接的 URL 是以 https:// 開(kāi)頭的，而不是 http://。使用 http:// 的連接以純文本的形式發(fā)送數(shù)據(jù)，也就是說(shuō)可以在途中被截獲和讀取。

在點(diǎn)擊指向您需要輸入信息的任何位置的鏈接之前，請(qǐng)確保 URL 以 https:// 開(kāi)頭。

僅打開(kāi)您預(yù)期收到的附件或鏈接

不要對(duì)附件、鏈接或表單進(jìn)行任何交互，除非它們就是您期望收到的并且您知道它們所包含的內(nèi)容。它們不僅可以將您重定向到旨在竊取您信息的惡意網(wǎng)站，還可以使用惡意軟件感染您的設(shè)備。

如果鏈接文本是 URL，請(qǐng)確保它與鏈接本身中的 URL 匹配。例如，電子郵件正文中書寫為 https://help..com 的鏈接可能會(huì)將您定向到位于另一個(gè) URL 的網(wǎng)絡(luò)釣魚頁(yè)面。

許多網(wǎng)絡(luò)釣魚攻擊試圖利用網(wǎng)上銀行。如果您收到來(lái)自銀行的可疑電子郵件，內(nèi)容是向您提供信用額度特別優(yōu)惠，請(qǐng)不要點(diǎn)擊該鏈接。相反，在新窗口中手動(dòng)輸入您的銀行的 URL，查看優(yōu)惠是否顯示在您的賬戶控制面板中。

謹(jǐn)慎使用公共 Wi-Fi

當(dāng)您外出時(shí)，公共 Wi-Fi 很方便，但它為犯罪分子提供了許多不同的方式來(lái)獲取您的信息。您可以采取措施保護(hù)自己和，從而降低風(fēng)險(xiǎn)。

驗(yàn)證熱點(diǎn)名稱

攻擊者可以創(chuàng)建未加密的 Wi-Fi 熱點(diǎn)，并將熱點(diǎn)命名為與同一地區(qū)知名熱點(diǎn)相似的名稱，例如咖啡店的網(wǎng)絡(luò)。如果您連接到網(wǎng)絡(luò)釣魚熱點(diǎn)，攻擊者可以將您定向到他們自己的頁(yè)面，在那里您可能會(huì)暴露在惡意軟件之下或要求您輸入私人信息。

在連接前，請(qǐng)確保您要使用的熱點(diǎn)是合法的。如果您無(wú)法在明顯的位置看到熱點(diǎn)名稱，請(qǐng)?jiān)儐?wèn)員工。

禁用設(shè)備的訪問(wèn)點(diǎn)

即使您已連接到合法的公共 Wi-Fi 熱點(diǎn)，您仍可能因與攻擊者處于同一網(wǎng)絡(luò)而面臨風(fēng)險(xiǎn)。公共 Wi-Fi 網(wǎng)絡(luò)遠(yuǎn)不如專用網(wǎng)絡(luò)安全，比如家里或辦公場(chǎng)所的網(wǎng)絡(luò)。

在連接前關(guān)閉網(wǎng)絡(luò)內(nèi)的文件共享并啟用防火墻，從而保護(hù)自己。即使采取了這些預(yù)防措施，最好也不要使用公共 Wi-Fi 網(wǎng)絡(luò)發(fā)送或接收任何敏感內(nèi)容。

通過(guò) VPN 發(fā)送和接收敏感數(shù)據(jù)

虛擬專用網(wǎng)絡(luò)在您的設(shè)備和 VPN 公司的服務(wù)器之間建立安全連接。VPN 服務(wù)器從這里將您的信息轉(zhuǎn)發(fā)至 Internet。如果攻擊者通過(guò)公共 Wi-Fi 熱點(diǎn)訪問(wèn)您傳輸和接收的數(shù)據(jù)，則數(shù)據(jù)會(huì)被加密，他們將無(wú)法使用。

如果您想了解如何選擇 VPN，建議先訪問(wèn) Techradar 和 PC Mag。

不使用 VPN 時(shí)，最安全的選擇是避免通過(guò)公共 wi-fi 傳輸敏感信息。

如果個(gè)人信息受到侵害，請(qǐng)遵循政府指南

個(gè)人可識(shí)別信息 (PII) 包含可用于識(shí)別特定人員或甚至冒充他們的數(shù)據(jù)。PII 的類型包括：

• 全名。

• 電子郵件地址。

• 街道地址。

• 電話號(hào)碼。

• 信用卡號(hào)。

• 國(guó)內(nèi)身份證號(hào)碼（例如 SIN、SSN 或護(hù)照）。

• 駕照。

• 出生日期。

如果您通過(guò)可疑渠道提供了個(gè)人可識(shí)別信息，或者您的 Shopify 賬戶遭到入侵，請(qǐng)參考政府提供的指南，例如加拿大政府和美國(guó)政府提供的以下信息。

加拿大

建議操作：

• 加拿大皇家騎警隊(duì) - 身份盜用和身份欺詐受害者援助指南

提交報(bào)告：

• 加拿大反欺詐中心 - 舉報(bào)事件

美國(guó)

操作：

• FTC - 身份盜竊：恢復(fù)計(jì)劃

• FTC - 身份盜竊：步驟

提交報(bào)告：

• FBI - Internet Crime Complaint Center（FBI - 互聯(lián)網(wǎng)犯罪投訴中心）

Make sure your connection to a website uses HTTPS

When you connect to any website where you could be asked to enter a username and password or other sensitive data, check that a lock icon appears beside the URL in your browser.

The lock icon tells you that the connection to the site is encrypted using the HTTPS protocol. URLs for encrypted connections start with https:// rather than http://. Connections that use http:// send data in plain text, meaning it can be intercepted en route and read.

Before clicking a link to anywhere you expect to enter information, make sure that the URL starts with https://.

Open only attachments or links you expect

Don’t interact with attachments, links, or forms unless you are expecting them and know what they contain. Not only can they redirect you to a malicious site designed to steal your information, but they can also infect your device with malware.

When link text is a URL, make sure that it matches the URL in the link itself. For example, a link written out as https://help.shopify.com in the body of an email might direct you to a phishing page at another URL.

Many phishing attacks try to take advantage of online banking. If you receive a suspicious email from your bank with a special offer for a line of credit, then don't click the link. Instead, enter your bank's URL manually in a new window and see if the offer shows up in your account dashboard.

Be careful with public wi-fi

Public wi-fi is convenient when you're on the go, but it vides many different ways for criminals to gain access to your information. You can reduce your risks by taking steps to protect yourself and your data.

Verify hotspot names

An attacker can create their own unencrypted wi-fi hotspot that is named like a reputable one in the same area, such as the network in a coffee shop. If you connect to the phishing hotspot, the attacker can direct you to their own page, where you can be exposed to malware or asked to enter prie information.

Before connecting, make sure that the hotspot you plan to use is legitimate. If you can't see the hotspot name posted in an obvious place, then ask an employee.

Disable access points to your device

Even if you have connected to a legitimate public wi-fi hotspot, then you can still be at risk by being on the same network as an attacker. Public wi-fi networks are much less secure than private networks like the one at your home or office.

Protect yourself by turning off file sharing within your network and enabling your firewall before connecting. Even with these precautions, it's still not a good idea to send or receive any sensitive content using a public wi-fi network.

Send and receive sensitive data over a VPN

A virtual private network establishes a secure connection between your device and the VPN company's servers. From there, the VPN servers relay your information to the internet. If an attacker gains access to the data you are transmitting and receiving through a public wi-fi hotspot, then the data is encrypted and not useful to them.

Techradar and PC Mag are good places to start if you want to learn how to choose a VPN.

Without a VPN, the most secure option is to avoid transmitting sensitive information over public wi-fi.

Follow government guides if your personal information is compromised

Personally identifiable information (PII) consists of data that could be used to identify a particular person, or even impersonate them. Types of PII include.

• full name.

• email address.

• street address.

• telephone number.

• credit card number.

• national identity number (such as SIN, SSN, or passport).

• driver's license.

• date of birth.

If you provided personally identifiable information through a suspicious channel, or your Shopify account was compromised, then refer to guides from your government, such as this information from the Canadian and United States governments.

Canada

What to do:

• RCMP - Identity Theft and Identity Fraud Victim Assistance Guide

File a report:

• Canadian Anti-Fraud Centre - Report an incident

United States

What to do:

• FTC - Identity Theft: A Recovery Plan

• FTC - Identity Theft: Steps

File a report:

• FBI - Internet Crime Complaint Center

特別聲明：以上文章內(nèi)容僅代表作者本人觀點(diǎn)，不代表ESG跨境電商觀點(diǎn)或立場(chǎng)。如有關(guān)于作品內(nèi)容、版權(quán)或其它問(wèn)題請(qǐng)于作品發(fā)表后的30日內(nèi)與ESG跨境電商聯(lián)系。