
Alibaba Mail: Phishing Email Protection Security Guide

Last Updated: Dec 13, 2024

This article describes how to identify phishing emails and the measures you can take to prevent them.

How to identify phishing emails to enhance security protection:

Keep in mind that any email that asks for your account password and redirects you to an external link is a phishing email and must not be trusted. Report it as spam and delete it immediately, and do not click any links or open any attachments in the email.

Commonly used phishing email tricks:

1. Misusing pictures from the official website, forging well-known domain names or company domain names, or even copying wholesale the specific information of the official website or of the user's common contacts, in order to counterfeit a trusted email. The email usually gives a false reason to induce the user to submit an email account and password, or to make a payment.

Examples:

  • "We are updating and upgrading the email account center."

  • "We are removing inactive users"

  • "The order payment has been entered into your payment account, please check it."

  • "My remittance account has been updated, please put the money into my new account"

  • "Email password expiration notification"

  • "Alert: Insufficient storage space"

2. The subject of the email is written to attract the user's attention and usually appears urgent, very scary, or very attractive.

Here are some common examples:

  • "Mail account abnormal use alert! Please enter for inspection immediately."

  • "The account has detected a security risk" or "need to verify your information or the account will be closed!!!!"

  • "You won an iphone6 in the double 11 Shopping Carnival. Please submit your personal information so that you can mail the prize."

  • "Notify all departments"

3. Disguising the sender and disguising a trusted link address are the most common methods used by scammers. Check both carefully.

At first glance, it looks as if the user has received an official email from a trusted user or a trusted website, but if you carefully check the sending address or the original text of the email, you will see that it is fake. Usually, scammers simply send from a similar-looking email account, or use very similar link addresses to trick recipients into clicking.

Examples:

  • Your customer's mailbox is hellenliu@ali****.com; the scammer's disguised sender is helleneliu@all****.com.

  • The address of the trusted official website is http://taobao.com/****, but the link in the email is actually http://taoboa.com/*****.

  • "Your login permissions have been modified by an administrator"
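
The careful check described in trick 3 can be automated. The following is an added example, not part of the original Alibaba Mail guide: it flags sender domains and link hosts that sit within a small edit distance of a trusted domain. The allow-list, the `max_distance` threshold, and every sample except the taobao.com / taoboa.com pair are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: an allow-list you maintain. taobao.com is the page's example;
# example-corp.test is a constructed placeholder for your own mail domain.
TRUSTED_DOMAINS = ("taobao.com", "example-corp.test")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swapped neighbours
        prev2, prev = prev, cur
    return prev[len(b)]

def host_of(value):
    """Host of a URL, or the domain part of an email address, lower-cased."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def classify(value, max_distance=2):
    """Return (verdict, trusted_domain) for a sender address or link."""
    host = host_of(value)
    for trusted in TRUSTED_DOMAINS:
        if host == trusted or host.endswith("." + trusted):
            return ("trusted", trusted)
    best = None
    for trusted in TRUSTED_DOMAINS:
        # Compare only as many trailing labels as the trusted domain has,
        # so "login.taoboa.com" is measured as "taoboa.com".
        tail = ".".join(host.split(".")[-(trusted.count(".") + 1):])
        dist = osa_distance(tail, trusted)
        if dist <= max_distance and (best is None or dist < best[0]):
            best = (dist, trusted)
    return ("lookalike", best[1]) if best else ("unknown", None)

if __name__ == "__main__":
    # Constructed samples; only taobao.com / taoboa.com come from the page.
    for sample in ("http://taobao.com/item", "http://taoboa.com/item",
                   "hellen@examp1e-corp.test", "news@unrelated-shop.test"):
        print(sample, "->", classify(sample))
```

A threshold of 2 can produce false positives for very short domains, so treat a "lookalike" verdict as a reason to inspect the message, not as proof.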

4. Deception through email attachments.

Scammers use emails to trick you into clicking and downloading attachments. The attachment could be detection software or a Trojan, and once you click to download it, the fraudster can steal your password and take control of your mailbox. Although our email system already scans attachments for viruses, some malicious attachments will inevitably slip through. Do not casually click and download attachments.

5. Fraudulent emails usually address you as "respected customer", "client" or "respected user" instead of by your real name. You can use this as a simple check for suspicious phishing emails.

6. The email content is disguised as an attached picture that cannot be displayed, which induces the user to click and misleads the user into submitting the account password.

You can use the following methods to protect your account security and prevent password theft:

  1. Immediately report and delete any email that requests your account password information.

  2. If you want to verify the authenticity of the email, manually enter the company's URL instead of clicking on the link embedded in the email.

  3. Do not use simple passwords; increase password complexity, and get in the habit of changing passwords regularly.

  4. Prepare several sets of commonly used passwords, and do not use the same password across different network services.

  5. Do not allow PCs to automatically "save account passwords", especially in public places (Internet cafes, hotels, etc.).

  6. Do not casually enter your email account and password on third-party websites, and raise your awareness of prevention.

  7. Even on personal computers, periodically force a manual logout from all logged-in sites so that you are logged out safely.

  8. We recommend that you enable secondary authentication for email logon to prevent leaked passwords from being used by criminals.

  9. No technical means can prevent phishing emails 100%. Pre-job and regular training for users in the organization, as well as spam sending drills, help employees enhance their awareness of prevention.