Làm cách nào tôi có thễ nhận diện một web site bị phishing/How can I identify a phishing web site?
If you receive an email (or instant message) from someone you
don't know directing you to sign in to a web site, be careful! You may
have received a phishing email
with links to a phishing web site. A phishing web site (sometimes
called a "spoofed" site) tries to steal your account password or other
confidential information by tricking you into believing you're on a
legitimate web site. You can even land on a phishing site by mistyping a
URL (web address).
Is that web site legitimate? Don't be fooled by a site that looks real. It's easy for phishers to create web sites that look like the genuine article, complete with the logos and other graphics of a trusted web site.
Other web sites, such as those for banks and other financial institutions, may offer a similar feature to help protect you against phishing scams.
Is that web site legitimate? Don't be fooled by a site that looks real. It's easy for phishers to create web sites that look like the genuine article, complete with the logos and other graphics of a trusted web site.
Important: If you're at all unsure about a web site, do not sign in. The safest thing to do is to close and then reopen your browser, and then type the URL into your browser's Address bar. Typing the correct URL is the best way to be sure you're not redirected to a spoofed site.Phishers are becoming more and more sophisticated in designing their phony web sites. There's no surefire way to know if you're on a phishing site, but here's some hints that can help you distinguish a real web site from a phishing site.
Check the web address
Just because the address looks OK, don't assume you're on a
legitimate site. Look in your browser's Address bar for these signs that
you may be on a phishing site:
- Incorrect company name. Often the web address of a phishing site looks correct, but actually contains a common misspelling of the company name or a character or symbol before or after the company name. Look out for tricks such as substituting the number "1" for the letter "l" in a web address (for example, www.paypa1.com instead of www.paypal.com).
- http:// at the start of the address on Yahoo! sign-in pages. Check the web site address for any Yahoo! sign-in page. A legitimate Yahoo! sign-in page address starts with "https://." Look for the letter "s" following "http."
- Missing slash.
To verify that you're on a legitimate Yahoo! site, make sure a forward
slash (" / ") appears after "yahoo.com" in the Address bar -- like these
examples:
A slash (" / ") after "yahoo.com" can help identify a Yahoo! site.
For example, "http://www.yahoo.com:login&mode=secure" is a fake web site address.
Important: A legitimate Yahoo! sign-in page never starts with "http://geocities.yahoo.com."
If you land on a GeoCities page with a Yahoo! sign-in box, report it as a phishing web site immediately.
Be leery of pop-ups
Be careful if you're sent to a web site that first displays a
pop-up window asking you to enter your user name and password. Phishing
scams may direct you to a legitimate web site, but then use a pop-up to
gain your account information.
Give a fake password
If you not sure if a site is authentic, don't use your real
password to sign in. If you enter a fake password and appear to be
signed in, you're likely on a phishing site. Do not enter any more
information; close your browser. Keep in mind, though, that some
phishing sites automatically display an error message regardless of the
password you enter. So, just because your fake password is rejected,
don't assume the site is legitimate.
Look for your sign-in seal when you sign in to Yahoo!
A sign-in seal is a secret message or image that you select to
display in your Yahoo! sign-in box to help protect your account from
phishers. Because the sign-in seal is secret between your computer and
Yahoo!, you can be sure you're on a legitimate Yahoo! site each time use
that computer to sign in to Yahoo!. Just look for the custom text or
image you set up. If it's not there, you might have landed on a phishing
site. Creating a sign-in seal is fast and easy.Other web sites, such as those for banks and other financial institutions, may offer a similar feature to help protect you against phishing scams.
Use a web browser with anti-phishing detection
Both Internet Explorer and Mozilla Firefox web browsers have free add-ons (or "plug-ins") that can help you detect phishing sites.
Be wary of other methods to identify a legitimate site
Some methods used to indicate a safe site can't always be trusted.
A small unbroken key or locked padlock at the bottom of your browser is
not a reliable indicator of a legitimate web site. Just because there's
a key or lock and the security certificate looks authentic, don't
assume the site is legitimate.
No comments:
Post a Comment