保護(hù)您的賬戶免受網(wǎng)絡(luò)釣魚攻擊

網(wǎng)絡(luò)釣魚一詞指涉及虛假網(wǎng)站和電子郵件或其他消息的身份盜竊詐騙。網(wǎng)絡(luò)釣魚攻擊的目的是獲取您的賬戶和敏感信息的訪問權(quán)限。攻擊者可能模仿聲譽良好的網(wǎng)站來創(chuàng)建自己的網(wǎng)站，或向您發(fā)送似乎來自可靠來源的消息。網(wǎng)絡(luò)釣魚消息可能來自虛假賬戶或已被黑客攻擊的賬戶。

備注：如果您認(rèn)為自己通過可疑渠道共享了個人信息，并且您的信息和身份面臨風(fēng)險，請遵循政府指南執(zhí)行操作。

網(wǎng)絡(luò)可能會要求您完成以下任務(wù)：

• 訪問鏈接。

• 下載文件。

• 打開附件。

惡意軟件 — 蠕蟲、木馬程序、僵尸程序和病毒等惡意軟件 — 會在您執(zhí)行任何以上操作時感染您的計算機(jī)或移動設(shè)備。感染設(shè)備后，入侵者便可以訪問您的個人信息。

網(wǎng)絡(luò)釣魚詐騙可能還包括直接請求個人信息（如銀行賬戶憑據(jù)）。

網(wǎng)絡(luò)釣魚詐騙可能會要求您提供以下個人信息：

• 通過電子郵件或其他消息傳送系統(tǒng)。

• 通過表格。

• 欺詐性的電話號碼。

• 通過偽造的真實地址。

即使要求您輸入電子郵件地址和重置密碼也可能是危險的。

備注：將您收到的任何網(wǎng)絡(luò)釣魚郵件轉(zhuǎn)發(fā)至 的安全收件箱，地址為 safety@shopify.com。通過建立商家所受攻擊的記錄，Shopify 可以更好地保護(hù)您和您的信息。

認(rèn)識警告標(biāo)志

您可以通過了解警告標(biāo)志來防范網(wǎng)絡(luò)釣魚。無論顯示的發(fā)件人是誰，都要仔細(xì)閱讀郵件；無論網(wǎng)站看起來多么熟悉，都要仔細(xì)檢查。

過于籠統(tǒng)的語言

雖然網(wǎng)絡(luò)釣魚可能經(jīng)過深入研究并針對您和您的企業(yè)進(jìn)行定制，但籠統(tǒng)的語言是網(wǎng)絡(luò)釣魚詐騙的標(biāo)志。如果郵件看似來自您信任的組織但是以模糊的語句開頭，比如尊敬的賬戶持有者，請保持警惕。

同樣，假如某封郵件向您承諾有千載難逢的商業(yè)或財政機(jī)會，但卻未提供足夠的詳細(xì)信息讓您能夠確認(rèn)發(fā)送者認(rèn)識您，那么這也可能是詐騙：

我是 Frederick，一名銀行家。請盡快就可能已故親屬的遺產(chǎn)與我聯(lián)系。我無法通過短信分享太多信息。請通過以下地址給我發(fā)送電子郵件。

個人賬戶中的商業(yè)信息

豐富的攻擊者可以通過您的在線業(yè)務(wù)收集充足的信息，從而創(chuàng)建看似來自真實聯(lián)系人的郵件：

批發(fā)價格更新

您好，Georgia，我想向您提供最新資訊。這是我們當(dāng)前批發(fā)價格的電子表格：fabric-prices-2016-oct.xls

希望您對上一批襯衫滿意!如果您有任何問題或疑慮，請與我們聯(lián)系。

--

Julia Chan

客戶經(jīng)理

示例形式

為發(fā)送攻擊，他們會侵入您的聯(lián)系人的企業(yè)賬戶或創(chuàng)建虛假的個人賬戶。例如，如果您的聯(lián)系人 Julia 的個人電子郵件用戶名為 juliachan3857，攻擊者可能會使用用戶名為 juliachan9665 的賬戶發(fā)送電子郵件。這種攻擊形式依賴于兩方面的因素：

• 人們會不小心用錯誤的賬戶發(fā)送電子郵件。

• 即使您知道 Julia 的個人電子郵件地址，但您也許不會仔細(xì)查看。

拼寫錯誤、語法錯誤、樣式多變

犯罪分子并不像專業(yè)的網(wǎng)絡(luò)內(nèi)容撰稿人那樣認(rèn)真對待內(nèi)容風(fēng)格指南。除了拼寫錯誤和語法錯誤，在一個頁面中出現(xiàn)以下類別的變化形式也可能表明是欺詐網(wǎng)站：

• 拼寫。

• 大寫。

• 編號。

• 標(biāo)點。

• 格式。

危言聳聽或過于激動的語氣

當(dāng)心時間緊急的請求，這些請求企圖通過威嚇使您不假思索地采取行動。例如，Shopify 不會向您發(fā)送包含以下內(nèi)容的消息：

我們遇到了異常嚴(yán)重的服務(wù)器故障。在 24 小時內(nèi)回復(fù)您的用戶名和密碼，否則您將永久無法訪問您的商店。

同樣，注意那些看起來好得令人難以置信的優(yōu)惠信息，例如只有您立即參加才能獲得旅游公司 90% 的折扣。

看起來不正確的 URL

網(wǎng)絡(luò)釣魚嘗試可能包含看起來合法的 URL，不仔細(xì)查看將無法發(fā)現(xiàn)。許多網(wǎng)絡(luò)釣魚嘗試使用故意選擇的 URL，它們類似于您熟悉的 URL。如下表所示，如果您通常通過合法 URL 從 Example Apparel 購買游泳衣，并且您收到一封帶有虛假 URL 鏈接的電子郵件，您便可分辨出這是一次網(wǎng)絡(luò)釣魚嘗試。

真實的 URL 會將您引導(dǎo)至屬于 Example Apparel 的域名 example-apparel.com 中的網(wǎng)站，而虛假 URL 會將您引導(dǎo)至可能為犯罪分子所有的域名 com-aquatic.net 中的惡意網(wǎng)站。

使用其他溝通方式提出疑慮

親自對話或通過電話與可能發(fā)送可疑信息的人交談，并通過與組織中的某人交談來解決對網(wǎng)頁的擔(dān)憂。

如果您通過電話聯(lián)系發(fā)件人，請撥打已存檔的號碼或出現(xiàn)在多個信譽良好的在線來源上的號碼。例如，如果您通過電子郵件收到來自稅務(wù)代理機(jī)構(gòu)的可疑信息請求，請撥打去年納稅申報表上的電話號碼。請勿撥打可疑網(wǎng)站或電子郵件中顯示的號碼。

The term phishing describes identity theft scams involving phony websites and emails or other messages. The goal of a phishing attack is to gain access to your account and sensitive information. An attacker can create their own website that mimics a reputable one or send you a message that seems to come from a trusted source. Phishing messages can come from a fake account or an account that has been hacked.

mises an important business or financial opportunity but doesn't include enough detail for you to confirm that the sender knows you, then it might be a scam:

I am Frederick, a banker. Pls contact me asap regarding a possible late relative's inheritance. Can't share much via sms. Email me at the address below.

Business messages from personal accounts

Sophisticated attackers can gather enough information from your online presence to create a message that could plausibly come from a real contact:

Wholesale Pricing Update

Hi Georgia, I just wanted to update you. Here is a spreadsheet of our current wholesale prices: fabric-prices-2016-oct.xls

I hope you were satisfied with the last batch of shirts! Please let me know if you have any questions or concerns.

--

Julia Chan

Account Manager

Example Fabrics

To send an attack, they can hack into your contact's business account or create a phony personal account. For example, if the username for your contact Julia's personal email is juliachan3857, then an attacker might send an email from an account with the username juliachan9665. This form of attack depends on two tors:

• People send emails from the wrong account by mistake.

• Even if you know Julia's personal email address, then you might not look too closely.

Misspellings, poor grammar, and style variations

Criminals don't take content style guides as seriously as professional web content writers. As well as typos and grammar errors, variations in the following categories within a single page can show that a website is fraudulent:

• spelling.

• capitalization.

• numbers.

• punctuation.

• formatting.

Alarmist or overexcited tone

Watch for time-sensitive requests that try to scare you into acting without thinking. For example, Shopify won't send you a message saying:

We've had a catastrophic server failure. Respond with your username and password in the next 24 hours or you'll lose access to your store permanently.

Similarly, watch for messages making offers that seem too good to be true, such as a 90% discount from a travel company available only if you act now.

URLs that don’t look right

Phishing attempts can include URLs that appear legitimate if you don't look too closely. Many phishing attempts use URLs that have been deliberately chosen to resemble a URL that you're already familiar with. As shown in the table below, if you normally buy swimming attire from Example Apparel at the legitimate URL and you receive an email with a link to the fake URL, then you can tell that it's a phishing attempt.

The real URL directs you to a site at the domain example-apparel.com, which is owned by Example Apparel, and the phony URL directs you to a malicious site at the domain com-aquatic.net, which is likely owned by criminals.

Raise concerns using another mode of communication

Speak to the supposed sender of a suspicious message in person or over the phone and resolve concerns about a webpage by talking to someone at the organization.

If you contact the sender by phone, then use a number you have on file or that appears on multiple reputable online sources. For example, if you receive a suspicious request for information from your tax agency by email, then call the agency at the number on last year's tax return. Don't call a number that appears on a suspicious website or email.

特別聲明：以上文章內(nèi)容僅代表作者本人觀點，不代表ESG跨境電商觀點或立場。如有關(guān)于作品內(nèi)容、版權(quán)或其它問題請于作品發(fā)表后的30日內(nèi)與ESG跨境電商聯(lián)系。