Saturday, September 13, 2008

How to Spot a "Phishing" Website

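Introduction



A "釣魚" website, known in English as a "phishing website", is dangerous because it can impersonate sites that everyone knows well, such as HSBC, Citibank, eBay, PayPal and so on. The thieves usually send an e-mail dressed up as coming from a bank, credit-card company, online bank or similar organisation, falsely claiming something like "Because of a system upgrade, you must update your user name and password. Click here to update now!" Frankly, these phishing sites are extremely good imitations, and it is very hard for an ordinary person to tell whether what they clicked is real or fake.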

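Precisely because ordinary readers find it hard to tell the difference, I would like to draw on my 2-3 years of knowledge from working in IT and some ten to twenty years of experience using computers to share with readers the following 10 simple tips to help you see through phishing scams.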


How to spot a "phishing" website


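Tip 1 - Memorise the website addresses of all the "well-known" financial institutions, online auction sites and payment companies
Why? In my past experience, I have found that most of these "e-mails" falsely claim to come from well-known companies such as banks (Citibank, HSBC, Barclays and so on), online payment services (PayPal) and auction sites (eBay), and target those companies' users. So if you can memorise these companies' web addresses, it is harder for the crooks to succeed. In Hong Kong, the banks under the Hong Kong Association of Banks include: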

http://www.hsbc.com.hk/
http://www.standardchartered.com.hk/
http://www.hangseng.com.hk/
http://www.hkbea.com/
http://www.boc.com.hk/

To look up the web addresses of all banks in Hong Kong, go to the Hong Kong Association of Banks website: http://www.hkab.org.hk/asp/public/memberBank.asp?Submit=Search&key=All&lan=b5

Auction sites:

http://www.ebay.com.hk/
http://hk.auctions.yahoo.com.hk/
http://www.taobao.com/ - Taobao


Online payment collection services:
http://www.paypal.com/
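http://www.99bill.com/ - mainland China

Tip 2:

Never click the links in e-mails that claim to be sent by a bank, especially e-mails asking you to update your personal details. You should first separately type the official web address of the organisation that sent the e-mail (as listed above) into your browser and check whether the e-mail really was sent by that organisation, and only then go back and click.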
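
The checks behind tips 1 and 2 can be automated. The following is an added example, not part of the original post: it pulls every link out of an e-mail body and compares the host the browser would really contact against a few of the official addresses listed in tip 1. The sample e-mail, the `.example` host, the 203.0.113.7 address and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A few of the official hosts listed in tip 1, without the leading "www."
OFFICIAL = {"hangseng.com.hk", "boc.com.hk", "ebay.com.hk", "paypal.com"}

def host_of(url):
    """Host the browser would really contact (userinfo and port stripped)."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_official(host):
    """True only for an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in the mail."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html):
    """Return (href, real host, reason) for each link not to be clicked."""
    parser = LinkCollector()
    parser.feed(html)
    found = []
    for href, text in parser.links:
        host = host_of(href)
        if not is_official(host):
            # An official name in the text or URL, yet a different real host
            lure = any(d in (text + href).lower() for d in OFFICIAL)
            found.append((href, host, "impersonation" if lure else "unofficial host"))
    return found

# Constructed sample mail body; the hosts and address below are made up
SAMPLE = """<a href="http://www.paypal.com.account-update.example/">http://www.paypal.com/</a>
<a href="http://www.paypal.com@203.0.113.7/update">Update now</a>
<a href="http://www.hangseng.com.hk/">Hang Seng Bank</a>"""

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

The first two links are flagged because the real host is read from the end of the host name and after any `@`, not from the familiar name at the front; the third link passes.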

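Tip 3: Upgrade your browser

To protect online users, today's browsers have already added anti-phishing features, for example IE8 on Windows, Firefox 3 and Google Chrome. Please upgrade right now!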

Firefox 3: http://www.mozilla.com/en-US/firefox/

IE8: http://www.microsoft.com/windows/internet-explorer/beta/default.aspx

Google Chrome: http://www.google.com/chrome

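Tip 4: Install free online security software
AVG offers a free personal edition of its online security software, with features including virus scanning, anti-spam and anti-phishing. As shown in the image below:
The red cross means AVG considers that those sites could harm your computer, so it is best not to visit them!

"Stick to these four tips and you are guaranteed not to fall for it" - computer security can be easy too!
Want to read more online security information? Please visit PC security tips. Thank you!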













Friday, August 22, 2008

Protect Yourself from Phishing Scams

What is phishing?


According to webopedia.com, phishing (pronounced "fishing") is the act of sending an email to a user that falsely claims to be from an established legitimate company (such as eBay, PayPal, Google AdWords) in an attempt to scam the user into giving up private information for the purpose of identity theft. The email always directs the victim to visit a website where they are asked to update personal data, such as passwords and credit-card, social security and bank account numbers, that the legitimate organization already has. The website, however, is a bogus one, which the scammers have learned to make look like the real company's website.


How do you spot fake or phishing emails?


If you receive emails from established companies like eBay, PayPal, or online banking services like Citibank, and so on, and the subject looks like “Update Your Account Information Within 24 Hours or it will be suspended”, you should pay attention and not click any links embedded in the message body. Instead, you should type in the full website address of the established company that the email pretends to come from. The reason is that if the update is so important, the company should have something mentioned on its official website. If in doubt, you should forward the whole email message to the company's customer support.


This is probably the easiest way to check whether the email you received is a legitimate one.


The other way to protect yourself from these phishing scams is to update your internet browser to the latest version. I personally use Firefox 2 and it warns you if some website looks suspicious. Internet Explorer 7, I think, has a similar feature, so if you are a Windows fan I strongly suggest you download the latest version by logging into microsoft.com.


That's it for today.


Thanks for reading


About the author:

Stop being a victim of the latest PC threats! Read these PC Security Tips to help you save the day!