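Are you aware of the dangers of phishing attacks? According to a recent Verizon report, 82% of breaches involved the human element, whether through stolen credentials, phishing attacks, social engineering, impersonation, misuse, or error.
What Is a Phishing Attack?
Phishing is a type of cyberattack in which attackers impersonate legitimate entities to trick individuals into disclosing sensitive information. These attacks usually arrive as emails, text messages, or phone calls that appear to come from trusted sources such as banks, companies, or coworkers. The main goal of phishing is to trick recipients into revealing personal details such as usernames, passwords, or credit card numbers.
Popular Phishing Attack Techniques
Phishing methods can vary widely, but some common techniques include:
Spear phishing: Targeted attacks aimed at specific individuals or organizations, often using personalized information to appear more convincing.
Clone phishing: A legitimate email containing an attachment or link is copied and resent, but with malicious modifications to the original content.
Whaling: Advanced phishing attacks aimed at senior executives or other important figures within a company, often involving highly customized and persuasive messages.
Smishing: Phishing attempts carried out over SMS, in which attackers send text messages containing links or requests for personal information.
Why Is Phishing a Major Concern for Individuals and Businesses?
Phishing is a major concern because it can cause significant harm. For individuals, falling victim to phishing can result in financial loss, identity theft, and exposure of personal data. For businesses, phishing attacks can lead to compromised sensitive information, financial losses, reputational damage, and operational disruption.
10 Tips to Avoid Phishing Attacks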
1 - Educate yourself
Stay informed about the latest phishing tactics by attending security training sessions and reading about cybersecurity trends, news, incidents, and best practices. Because phishing is constantly growing in sophistication and variety, staying informed on current threats is critical.
2 - Be vigilant and suspicious
Consciously question the legitimacy of each email, text message, and phone call. If you receive an unexpected email from a coworker, financial institution, government agency, or vendor, look out for these tell-tale signs of phishing:
Spelling or grammatical errors: Scammers intentionally include typos and grammatical mistakes in phishing emails to target unsuspecting and innocent victims while weeding out those too smart to fall for the scams. Typos in emails may bypass email security filters or create a sense of authenticity in the message. Additionally, these errors may occur when the sender is not proficient in the language used in the email.
Urgent demands for sensitive information: Emails that use language conveying urgency or fear aim to make targets act quickly without thinking.
Suspicious links: Phishing links may lead to suspicious websites that request personal information or download malware onto your device.
Spoofed email addresses: Although phishing emails appear to be from a legitimate source, you can hover over the sender’s email address to check whether it matches the supposed organization.
Unexpected attachments: Phishing emails may include unexpected, malicious attachments that harm your device or steal your information.
3 - Use strong passwords and two-factor authentication
Add an extra layer of security to your accounts by creating unique, strong passwords and enabling two-factor authentication wherever possible. Create strong passwords by combining uppercase and lowercase letters, numbers, and symbols.
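Learn how strong your passwords are with the infographic from Hive System, and use Splashtop's Vault to manage your passwords. Your accounts may be compromised without your knowledge, so it is advisable to change your passwords regularly and add a second form of identification.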
4 - Keep your software and security tools up to date
To protect against the latest threats, regularly update operating systems, anti-viruses, firewalls, and anti-malware software on all devices. These updates include security patches that address known vulnerabilities and protect you from phishing exploits.
5 - Never click on suspicious links or download attachments
Before clicking links or downloading attachments from unknown emails, text messages, or instant messages, think twice and hover your mouse over the link to examine the URL. Clicking a phishing link or attachment can lead to malware installation, data theft, or financial loss.
If you receive a suspicious message, check the email address for spelling errors or a generic greeting, and verify the legitimacy of messages with the sender.
6 - Be careful with personal information
Phishing attacks usually trick you into providing personal or financial information such as your username, password, or social security number. Be careful when sharing information online, as legitimate companies never ask for it via email or phone.
7 - Be wary of impersonation
Check for email address and sender name deviations. Common social engineering cues include:
Requests to obtain sensitive information
Asking for transfers of money
Unusual or sudden purchase requests
Sudden changes to direct deposit
8 - Stay cautious on public Wi-Fi
Avoid accessing sensitive information when using public Wi-Fi. Hackers may easily steal data from unsecured networks.
9 - Use anti-phishing tools
Download anti-phishing add-ons that can help protect you against phishing attacks on every device. These tools block access to malicious websites by analyzing emails and URLs for known phishing patterns. Here are some popular anti-phishing add-ons you can use:
Netcraft Extension: The anti-phishing add-on monitors websites, compares them against databases of phishing sites, and shows a warning message when a suspicious site is detected.
Avira Browser Safety: The add-on blocks malicious websites such as phishing sites and scans downloads for malware.
Web of Trust (WOT): The add-on rates websites on trustworthiness and reputation and warns users about sites with poor reputations.
10 - Always report suspicious activity
Immediately report suspected phishing scams to appropriate authorities, such as your IT department or the Federal Trade Commission. By reporting, you can help your IT department identify potential phishing threats so they can prevent further attacks in the future.
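Why Are Remote Employees More Vulnerable to Phishing Attacks?
Remote employees are particularly vulnerable to phishing attacks because of several key factors:
Limited oversight: Remote workers often lack direct oversight from office colleagues and IT teams, making it harder to detect and report suspicious activity promptly.
Use of personal devices: Personal devices and home networks are usually less secure than corporate systems, which increases the risk of phishing.
Heavy reliance on digital communication: Remote work depends on email, messaging apps, and video calls, all of which are common channels for phishing attempts. The high volume of digital communication can make malicious messages difficult to identify.
Reduced security training: Remote employees may have less access to regular cybersecurity training, leaving them less prepared to identify and handle phishing threats.
Increased social engineering risk: Frequent interaction with external partners and customers provides more opportunities for social engineering attacks, in which phishers pose as trusted contacts.
Addressing these vulnerabilities through targeted training and strong security measures is essential to protecting remote employees from phishing attacks.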
Preventing Phishing Attacks Starts With You
Posing a significant threat to individuals and organizations, phishing attacks can lead to financial losses, reputation damage, and unauthorized access to private information.
However, employees can effectively mitigate these attacks by staying informed, being vigilant, and following these practical tips and techniques. Educating ourselves and others, staying cautious, and reporting suspicious activity can help prevent further phishing attacks and protect ourselves and our organizations from harm.
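Get Started With Splashtop Secure Remote Access Solutions
Looking for a secure remote access solution for your business? Splashtop remote access software gives employees a secure way to access their work computers from anywhere, with features including end-to-end encryption, multi-factor authentication, role-based access control, logging, and more. With Splashtop, you can rest assured that your data and network are secure. Learn more about Splashtop security and all Splashtop solutions.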
To test your phishing knowledge, take Google’s free online phishing quiz!