Phishing and Spam Alerts

What is Phishing?

Social Media Security

Email Scams: Recognizing Them

Phishing Image

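Over time, phishing attempts have become more sophisticated, imitating genuine email with increasing quality. Watch for these warning signs:

  • The message is unsolicited and asks you to update, confirm, or reveal personally identifiable information (e.g., Social Security number, account numbers, passwords, protected health information).
  • The message creates a sense of urgency.
  • The message has an unusual "From" address or an unusual "Reply-To" address.
  • The (malicious) website URL doesn’t match the name of the institution that it allegedly represents.
  • The message is not personalized. Valid messages from banks and other legitimate sources usually refer to you by name.
  • The message contains grammatical errors.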
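
Several of the warning signs listed above can be checked mechanically from the raw message. The following Python code is an added example, not part of the original page; the sample message, the *.example domains and the phrase lists are constructed assumptions.

```python
import email.policy, email.utils, re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message (not from the page); every *.example name is a placeholder.
SAMPLE = """\
From: IT Help Desk <helpdesk@university.example>
Reply-To: verify-team@mailbox.example
Subject: Your account will be blocked!
Content-Type: text/html; charset=utf-8

<p>Dear Customer, you must verify your password immediately to avoid mail failure.</p>
<p><a href="http://login.portal.example/verify">https://university.example/sso</a></p>
"""
URGENT = re.compile(r"\b(immediately|urgent|will be blocked|expire[sd]?)\b", re.I)  # assumed phrases
GENERIC = re.compile(r"\bdear (customer|user|username|client)\b", re.I)  # assumed greetings

class LinkCollector(HTMLParser):  # records links whose visible text shows another host than the href
    def __init__(self):
        super().__init__()
        self.mismatched, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = urlparse(self._text.strip()).hostname  # None unless the text is a URL
            if shown and shown != urlparse(self._href).hostname:
                self.mismatched.append((self._text.strip(), self._href))
            self._href = None

def domain(header):  # domain part of the address in a From/Reply-To header, lower-cased
    return email.utils.parseaddr(str(header))[1].rpartition("@")[2].lower()

def warning_signs(raw):  # names of the warning signs found in one raw message
    msg = email.message_from_string(raw, policy=email.policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    links = LinkCollector()
    links.feed(body)
    checks = {
        "reply-to-mismatch": bool(msg["Reply-To"]) and domain(msg["Reply-To"]) != domain(msg["From"]),
        "urgency": bool(URGENT.search(f"{msg['Subject']} {body}")),
        "generic-greeting": bool(GENERIC.search(body)),
        "link-text-mismatch": bool(links.mismatched),
    }
    return [name for name, hit in checks.items() if hit]
```
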

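Types of Spam and Phishing

Phishing is the term for messages sent to individuals via e-mail or text message with the intent to fool unsuspecting recipients into providing personal information, such as usernames, passwords and financial account information. They often employ social engineering tactics by creating messages that appear to be legitimate. These messages can also lure individuals to websites that host malware.

Spear phishing differs from phishing in that it targets a specific department, college or school, seeking unauthorized access to protected information. These messages allegedly come from IT support staff or other professionals in a position of authority from within the targeted department, college or school. As with phishing, these e-mails will attempt to trick users into divulging personal or financial information, or their credentials, or lure them into clicking links that may install malware on the computer.

E-mail spam refers to messages sent to many people, often simultaneously, that either contain web links to Internet websites that host malware or contain executable malware within the message designed to infect the computer when opened. These messages are also known as junk mail.

Spoofing aims to trick users into taking actions that are not in their best interest. For example, users might be tricked into believing false information or divulging confidential information, access authorization information, passwords, and other information. Spoofing refers to:

  • Impersonating an individual, organization, institution or server without permission.
  • Forging the origin. These messages claim to be sent by an administrator, but they actually come from intruders trying to steal accounts.

Quishing, also known as QR code phishing, involves tricking someone into scanning a QR code with a mobile phone. The QR code then takes the user to a fraudulent website that might download malware or ask for sensitive information.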

Phishing Examples

Open to view common examples of phishing and spam.

Phishing emails may contain financial information that will make a victim react and fall for the phishing attack.

 

 

Business Email Compromise Scam
You receive an email from a vendor requesting you to send money to a different account. The email looks genuine, but it could be from a fraudster who got access to your vendor’s network.

 


 

phishing email message looks like an order from American Appliance with link to download malicious file
phishing email message looks like an invoice from Intuit with link to download malicious file

 

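From: [email protected] [[email protected]]
To: Recipient
Subject: Amazon. Your Cancellation (XXX-XXX-XXXX)

Dear Customer,

Your order has been successfully canceled. For your reference, here is a summary of your order:

You just canceled order XXX-XXX-XXXX dated June 21, 2017.

Status: CANCELED

Thank you for visiting Amazon.com!

From: Traffic Police [[email protected]]
To: Recipient
Subject: Parking ticket No. 987111363

You have received a parking violation ticket!

26-141 - Parking of motor car or otherwise obstructing fire lanes shall be forbidden at all times

Court appearance required

Parking ticket number information: PTD987111154

Parking fine

To pay the parking violation fine, please download the fine form and choose one of the following two convenient methods:
1. Online
Pay online by Visa or MasterCard, with a $2 processing fee.

2. Telephone (automated system)
Pay by Visa or MasterCard at XXX-XXX-XXXX

Best wishes,
Police Department.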

Bank Impersonation

Someone claiming to be from a financial institution contacts you regarding fraudulent activity on your account and asks you to transfer money from your account or send a payment somewhere else. When in doubt, end all communication with the scammer and call the number listed on the back of your debit or credit card.

 

Phishing emails may contain messages and links to make you reset your account so they can steal your username and password in a fake website that seems related to a well known website.

 

Phishing email with a QR code

Phishing email pretending to be from Wells Fargo

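Reconfirm your calstatela password

You need to reconfirm your password on ma*****@calstatela.edu by 2018/07/23 05:04:42 to avoid mail failure.

You must correct this within the limited time to avoid violating calstatela

CONFIRM PASSWORD

Review Messages

To stop separating items that are identified as clutter, go to Options.
This system notification is not an email and you cannot reply to it.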

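Your account will be blocked!
[email protected]

Your account will expire on Wednesday, April 12, 2017
If you want to continue using your email address,
[email protected]

Upgrade your account now

If you do not upgrade your account, you will lose your email address.

The upgrade is free.

Thanks.
Mail Service Provider ! ©2017 All rights reserved

Disclaimer:
This email and its attachments are confidential and privileged. If received in error, please delete it immediately and notify the sender. Do not disclose, copy, distribute or use it in any way. The information contained is for the use of the intended addressee only; if you reply, you do so at your own risk. Email cannot be guaranteed to be secure or error-free; the message and any attachments could be intercepted, corrupted, lost, delayed, incomplete or amended. Outlook. The company accepts no liability for any damage caused by this email or its attachments.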

Phishing emails may contain links that prompt you to verify your account so they can steal your credentials when you enter them in.

 

 

Email account

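angelletter.com server congestion

Dear username,

The calstatela.edu server is holding (4) incoming messages because your email [email protected] has not been verified. If you wish to continue using your email, please verify your account below.

Review & Verify Your Account

Note: Move this message to your inbox folder if you are having a problem with the above link.

You may not be able to access your email if ignored, this process takes few minutes only.

Thank you,
angelletter.com Team

This e-mail has been sent to you by Office 365 to inform you that we were unable to verify your account details. This may be due to one of the following reasons:

1. Your personal information has recently changed. (e.g., address, telephone)

2. Illegal use of your account.

Due to this, and to ensure that your email service is not interrupted, we request you to confirm and update your information today by following the link below

VERIFY

Office 365! Mail Product Management 2
WebMail Portal+
Thank you for using our verification system.

Click here to verify that you are the true owner of this account.
Note: Please do not click the link more than once.

Ignoring this email will result in a permanent lock.
Thanks.
Webmail ©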

Phishing emails may contain links about documents that seem legit to make a victim click or download from a suspicious link.

 

 

Phishing email pretending to be from DocuSign
Phishing email pretending to be from Office365

Phishing emails may advertise fake job opportunities to students.

Greetings,

 

Interested in working at summer school? There is still time to apply!

 

We are seeking candidates to apply for a variety of classified positions for summer 2022. 

 

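Attached are the employment opportunity flyers for the following programs:

  • Summer School, TK-8, program (June 22 - July 22, 2022)
  • High School Summer Session (June 22 - July 22, 2022)

For a list of sites and to apply, please visit http://summer. Log in using your calstatela email and password (SSO).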

 

Thank you!


 

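I am a staff member of this institution, a professor of Medicine shared a link for an interested student who might be interested in a PAID PART-TIME POSITION job to make up to $650 (USD) weekly, click the link below for more information about the position

CLICK HERE

Note: This is strictly a work-from-home position.

Work as a personal/assistant at your convenience, apply here, $550 per week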

Phishing emails may contain false messages about packages or mail sent to the victim.

 

Dear Customer,

Your order has been successfully canceled. For your reference, here is a summary of your order:

You just canceled order XXX-XXX-XXXX dated June 21, 2017.

Status: CANCELED

____________________________________________________________________

1 "Wilkes"; 2003, Second Edition
By: Jason Patterson

Sold by: Amazon.com LLC

_____________________________________________________________________

Thank you for visiting Amazon.com!

---------------------------------------------------------------------
Amazon.com
Earth's Biggest Selection
http://www.amazon.com-XXX-XXX-XXXX
---------------------------------------------------------------------

Phishing emails may contain technical questions about your computer or your student email.

 

Undelivered mail notification


Email account

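angelletter.com server congestion

Dear username,

The calstatela.edu server is holding (4) incoming messages because your email [email protected] has not been verified. If you wish to continue using your email, please verify your account below.

Review & Verify Your Account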

Note: Move this message to your inbox folder if you are having a problem with the above link.

You may not be able to access your email if ignored, this process takes few minutes only.

Thank you,
angelletter.com Team

 

Docusign

I have shared a file with you via Docusign on OneDrive.

Please click Here

To view the Document.pdf above, click and log in with your email provider.

This is a secure file sharing platform and we protect customers from all sort of unwanted emails.

Thanks!

 

Your email needs to be extended!!


Storage Space

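Due to low email account quota, further incoming emails with high massage size above 10kb might be discarded until your email quota has been extended.

Your email account has used 95% MB of its 5G quota.
We recommend that you extend your account immediately; this service is completely free!

Click here to upgrade For Free To Extend your email account Quota Limits on mail Servers; this may cause your mailbox to be impaired or you may no longer receive emails with attachment.

Attention: Failure to do so will result in email storage abuse and account termination. Once the extension is complete, your email account will work effectively.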

 


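Fake Website Scam
You’re searching for a financial institution website on a search engine to sign in to your account but end up on a fake website. When you sign in on a fake website, scammers steal your username and password. Always use the financial institution's website or their mobile app to sign in.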

Phishing emails may contain images that seem like a written message in order for the victim to click and download something malicious.

 

Undelivered mail notification

 


 

 

Phishing job example

 

 


 

 

Phishing piano example

 

 

Phishing emails may contain QR Codes, making it easy for students to scan and be a victim!

 

QR code example 1

 


 

 

QR code example 2

 

 


 

 

QR code example 3

 

 

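Phishing Email Dos and Don'ts

  • DO call a company that you received a suspicious email from to see if it is legitimate, but do not use the phone number in the email. Check a recent statement from the company for a legitimate phone number.
  • DO look for a digital signature/certificate as another level of assurance that senders are legitimate. Digitally signed mail will have a special image/icon in the subject area.
  • DO adjust your spam filters to block unwanted spam.
  • DO use common sense. If you have any doubts, do not reply. Contact the ITS Help Desk if you have any questions.

  • DON'T open email that you suspect may not be legitimate. If it is legitimate and the individual trying to contact you really needs to, they will try other means.
  • DON'T send credit card or other sensitive information by email.
  • DON'T click links. Instead, phone the company or conduct an Internet search for the company’s true web address.
  • DON'T open emails or attachments from unknown sources. Many viruses arrive as executable files that are harmless until you start running them.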

What should I do?

Receiving a phishing email can be scary. Here are some things you can do:

If your email account is provided by Google or Microsoft, their clients have a reporting feature, as shown below:

Report Phishing 1

If using the Outlook app:

Report Phishing 2

The Cyber Security & Infrastructure Security Agency helps keep individuals from becoming victims of phishing scams by gathering phishing email messages and website addresses. Simply forward the email to them.

Forward to: [email protected]

You can mark the email sender as a scam or spam, and your email provider will block the sender's address and move it to the spam list.

Image

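If the email you received is a scam or phishing email, simply delete it after you have reported it.

Don't panic. We recommend taking all of the following actions to limit any risk:

  • Change password
  • Run an antivirus scan
  • Use two-factor authentication
  • Back up your files
  • Check transactions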