Phishing and Spam Alerts

Email Scams: Recognize Them


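Over time, phishing attempts have become more sophisticated as the quality of their imitation of genuine email has improved. Watch for these warning signs:

  • The message is unsolicited and asks you to update, confirm, or reveal personally identifiable information (e.g., SSN, account numbers, passwords, protected health information).
  • The message creates a sense of urgency.
  • The message has an unusual “From” address or an unusual “Reply-To” address.
  • The URL of the (malicious) website does not match the name of the institution it claims to represent.
  • The message is not personalized. Valid messages from banks and other legitimate sources usually refer to you by name.
  • The message has grammatical errors.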
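
An added example (not part of the original page): a short Python check for two of the warning signs above, a Reply-To domain that differs from the From domain and link hosts that do not belong to the institution's domain. The sample message, the example.edu and example.net domains, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def domain(header_value):
    """Lower-cased domain of an address header ('' if missing)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def host_matches(host, trusted):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def warning_signs(raw, trusted):
    """Findings for one single-part HTML message claiming to be from `trusted`."""
    msg = message_from_string(raw)
    findings = []
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    links = LinkCollector()
    links.feed(msg.get_payload())
    for href in links.hrefs:
        host = urlsplit(href).hostname
        if host and not host_matches(host, trusted):
            findings.append(f"link host {host} is not under {trusted}")
    return findings

# Constructed sample; example.edu and example.net are placeholder domains.
SAMPLE = """From: IT Help Desk <helpdesk@example.edu>
Reply-To: verify@example.net
Subject: Reconfirm your password
Content-Type: text/html

<p>Dear user, <a href="http://example.edu.login.example.net/confirm">CONFIRM PASSWORD</a></p>
<p>Policy: <a href="https://www.example.edu/policy">read here</a></p>
"""

print("\n".join(warning_signs(SAMPLE, "example.edu")))
```

The suffix test in host_matches is what catches lookalike hosts that merely start with the institution's name, such as the example.edu.login.example.net link in the sample.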

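Types of Spam and Phishing

Phishing refers to messages sent to individuals by email or text message that aim to trick unsuspecting recipients into providing personal information, such as usernames, passwords and financial account information. They often use social engineering tactics by creating messages that look legitimate. These messages can also lure individuals to malware-hosting websites.

Spear phishing differs from phishing in that it targets a specific department, college or school, seeking unauthorized access to protected information. The messages purport to come from IT support staff or other professionals in positions of authority within the targeted department, college or school. As with phishing, these emails will try to trick users into revealing personal or financial information, or their credentials, or entice them into clicking on a link that could install malware on the computer.

E-mail spam refers to messages sent to many people, often at the same time, that contain either links to websites hosting malware or executable malware intended to infect the computer once opened. These messages are also known as junk mail.

Spoofing aims to trick users into taking actions that aren’t in their best interest. For example, users may be tricked into believing false information or revealing confidential information, access authorization information, passwords, and other information. Spoofing refers to:

  • Impersonating a person, organization, agency or server without permission.
  • Forging the origin. The messages were allegedly sent from the administrators, but they were actually from intruders trying to steal accounts.

Quishing, also known as QR code phishing, involves tricking someone into scanning a QR code using a mobile phone. The QR code then takes the user to a fraudulent website that may download malware or ask the user for sensitive information.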

Phishing Examples

Open to view common examples of phishing and spam emails.

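Phishing emails may contain financial information that prompts victims to respond and fall for the phishing attack.

Business Email Compromise Scam
You receive an email from a vendor asking you to wire money to a different account. The email looks real, but it may come from a scammer who has gained access to your vendor's network.

Phishing email that looks like a US appliance order, with a link that downloads a malicious file
Phishing email that looks like an invoice from Intuit, with a link that downloads a malicious file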

 

From: [email protected] [[email protected]]
To: Recipient
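Subject: Amazon. Your Cancellation (XXX-XXX-XXXX)

Dear Customer,

Your order has been successfully canceled. For your reference, here is a summary of your order:

You just canceled order XXX-XXX-XXXX on June 21, 2017.

Status: CANCELED

Thank you for visiting Amazon.com!

From: Traffic Police [[email protected]]
To: Recipient
Subject: Parking ticket No. 987111363

You have received a parking ticket!

26-141 - Parking a vehicle in or otherwise blocking a fire lane is prohibited at all times

Court appearance required

Parking ticket number information: PTD987111154

Parking fine

To pay your parking ticket, download your fine and choose one of 2 convenient ways:
1. Online
Pay online by Visa or Mastercard, $2 processing fee.

2. Phone (automated system)
Pay by Visa or Mastercard at XXX-XXX-XXXX

Best wishes,
Police Department.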

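Bank Impersonation

You’re contacted by someone claiming to be from one of the financial institutions, about fraudulent activity on your account, and asked to transfer money from your account or make a payment elsewhere. When in doubt, end all contact with the scammer and call the phone number on the back of your debit or credit card.

Phishing emails may contain information and links asking you to reset your account so that they can steal your username and password on a fake website that appears to be related to a well-known website.

Phishing email with a QR code

phishing email message pretends to be from Wells Fargo

Reconfirm your calstatela password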

 

You are required to reconfirm your password on   ma*****@ospifse.net   as of 2018/07/23 05:04:42 to avoid email malfunction.

 

You have limited time to make this corrections to avoid calstatela Violation

CONFIRM PASSWORD

Review Messages

To stop separating items that are identified as clutter, go to Options.
This system notification isn't an email message and you can't reply to it.

Your account will be blocked!
[email protected]

Your Account will Expire, Wednesday, April 12th/ 2017
If you would like to continue using your Email Address,
[email protected]

Upgrade your account now

You will lose your email address if you do not upgrade your account.

The upgrade is free.

Thanks.
Mail Service Provider ! ©2017 All rights reserved

Disclaimer:
This email and any attachment thereto are confidential and privileged. If you have received it in error, please delete immediately and notify the sender. Do not disclose, copy, circulate or in any way use it. The information contained therein is for the intended address(es) only, if you reply, it is at your own risk. Emails are not guaranteed to be secure or error free, the message and any attachment could be intercepted, corrupted, lost, delayed, incomplete or amended. Outlook.Inc does not accept liability for any damage caused by this email or its attachment.

Phishing emails may contain links prompting you to verify your account so that they can steal your credentials when you enter them.

 

 

Email account

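ospifse.net server congestion

Dear username,

ospifse.net sever is holding (4) incoming messages because this your email [email protected] has not been verified. If you wish to keep using your email, kindly verify your account below.

Review & Verify your account

Note: If you have problems with the link above, please move this message to your Inbox folder.

If ignored, you may be unable to access your email; this process only takes a few minutes.

Thank you,
ospifse.net Team

This email was sent to you by Office 365 to notify you that we were unable to verify your account details. This might be due to either of the following reasons:

1. A recent change in your personal information. (e.g., address, phone)

2. Illegal use of your account.

Due to this, to ensure that your email service is not interrupted, we ask you to confirm and update your information today by following the link below

VERIFY

Office 365! Mail Product Management 2

WebMail Portal+
Dear Customer, Thank you for using our verification system.

Click Here to Verify you are the true owner of this account.
Note: Please do not click the link more than once.

Ignorance of this email will lead to a permanent lock.
Thanks.
Webmail ©

Phishing emails may contain links to files that look legitimate, leading victims to click or download from suspicious links.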

 

 

phishing email message pretends to be from DocuSign
phishing email message pretends to be from Office365
 

Phishing emails will advertise fake job offers to students.

Greetings,

 

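Interested in working in summer school? There is still time to apply!

We are seeking candidates to apply for a variety of classified positions for summer 2022.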

 

Attached please find the employment opportunities flyer for the following programs:

 

  • Summer School, TK-8, program (June 22 – July 22, 2022)
  • High School Summer Term (June 22 – July 22, 2022)

 

For a list of sites and to apply, visit http://summer.calstatela and sign in with your CALSTATELA email and password (SSO).

 

Thank you!


 

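I am a staff member at this institution; a medical professor shared a link for an interested student who might be interested in a paid part-time job earning up to $650 per week. Follow the link below for more info regarding the position -

CLICK HERE

Note: This is strictly a work-from-home position.

Work at your convenience as a personal/assistant APPLY HERE at $550 Weekly

Phishing emails may contain false information about a package or mail sent to the victim.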

 

Dear Customer,

Your order has been successfully canceled. For your reference, here is a summary of your order:

You just canceled order XXX-XXX-XXXX on June 21, 2017.

Status: CANCELED

____________________________________________________________________

1 "Wilkes"; 2003, Second Edition
By: Jason Patterson

Sold by: Amazon.com LLC

_____________________________________________________________________

Thank you for visiting Amazon.com!

---------------------------------------------------------------------
Amazon.com
Earth's Biggest Selection
http://www.amazon.com-XXX-XXX-XXXX
---------------------------------------------------------------------

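Phishing emails may claim technical problems with your computer or student email.

Undelivered mail notification

Email account

ospifse.net server congestion

Dear username,

ospifse.net sever is holding (4) incoming messages because this your email [email protected] has not been verified. If you wish to keep using your email, kindly verify your account below.

Review & Verify your account

Note: If you have problems with the link above, please move this message to your Inbox folder.

If ignored, you may be unable to access your email; this process only takes a few minutes.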

Thank you,
ospifse.net Team

 

Docusign

I shared a file with you via Docusign powered by OneDrive.

Please click Here

To view the document.Pdf above, Click and login using your email provider.

This is a secure file-sharing platform; we protect our customers from all kinds of unwanted email.

Thanks!

 

Your email needs an extension!!

Storage Space

Due to low email account quota, incoming messages with a high massage size of more than 10kb may be discarded until your mail quota is extended.

You have used 95% MB of 5G of your email account quota.
We advise you to Extend your account immediately, this service is completely free!

Click here to upgrade For Free To Extend your email account Quota Limits on mail Servers; this may cause your mailbox to be impaired or you may no longer receive emails with attachment.

Attention: Failure to do this will lead to Email Storage abuse and account termination. Once extension is complete, your email account will work effectively.

 


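Fake Website Scam
You search for a financial institution's website on a search engine to log in to your account, but end up on a fake website. When you sign in to a fake website, scammers will steal your username and password. Always use the financial institution's website or their mobile app to log in.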

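Phishing emails may contain images that look like written messages so that victims click and download malicious content.

Undelivered mail notification

Phishing job example

Phishing piano example

Phishing emails may contain QR codes that make it easy for students to scan and become victims!

QR code example 1

QR code example 2

QR code example 3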

Phishing Email Do's and Don'ts

  • DO call the company when you receive a suspicious email to see if it is legitimate, but DO NOT use the phone number contained in the email. Check a recent statement from the company to get a legitimate phone number.
  • DO look for a digital signature/certificate as another level of assurance that the sender is legitimate. Digitally signed messages will have a special image/icon at the subject.
  • DO adjust your spam filters to protect against unwanted spam.
  • DO use common sense. If you have any doubts, do not reply. Contact the ITS Help Desk if you have any questions.

  • DON’T open email that you have any suspicion may not be legitimate. If it is legitimate and the individual trying to contact you really needs to, they will try other means.
  • DON’T ever send credit card or other sensitive information via email.
  • DON’T click on links. Instead, call the company or search online for the company's real web address.
  • DON’T open email or attachments from unknown sources. Many viruses arrive as executable files that are harmless until you run them.

What should I do?

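Receiving a phishing email can be scary. Here are some things you can do:

If your email account is provided by Google or Microsoft, their clients have a reporting feature, as shown below:

Report phishing 1

If using the Outlook app:

Report phishing 2

The Cyber Security & Infrastructure Security Agency helps keep individuals from becoming victims of phishing scams by collecting phishing email messages and website addresses. Simply forward the email to them.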

 

Forward to:  [email protected]

You can mark the email sender as a scam or as junk; your email provider will block the sender address and move it to the junk list.

If the email you received is a scam or a phishing email, simply delete the email after you have reported it.

Do not panic; we recommend all of the following actions to limit any risks:

  • Change your password
  • Run an antivirus scanner
  • Use two-factor authentication
  • Back up your files
  • Check your transactions