恶意软件
Viruses 和 worms can install themselves in your system without you even knowing it. 一旦他们这么做了, they can use your machine as a base of operations to monetize your system for their benefit. 这可以通过强迫你弹出广告来实现, collecting your private data 和 sending it off to a central location behind the scenes, 收集公司数据,然后吸走, 和更多的.
恶意软件 is a large umbrella term that encompasses many different forms of attack. The important things to remember are to always report strange events on your machine, 要非常小心你点击的内容和你打开的可疑邮件.
永远要注意网站上的链接,它们会去到它们说要去的地方. 你可以看到, 在大多数现代浏览器的下方状态栏, 您想要访问的链接的实际目的地.
也, 的电子邮件, ensure they are from who they say they are 和 that any links or attachments within the email are expected before you follow them.
垃圾邮件
垃圾邮件是最古老的网络安全风险之一. 虽然大多数垃圾邮件只是杂乱的, 占用你的时间, there are still large groups that use spam to spread every kind of cybersecurity risk we can imagine. 垃圾邮件, unwanted email from strangers, is often filled with phishing attempts, malware, 和更多的.
网络钓鱼
网络钓鱼 scams actively try to fool you to gather personal 以及机构信息.
这些邮件通常冒充你认识的人:同事, 学校管理人员和教师, 金融机构, 服务台,甚至是你的私人朋友.
网络钓鱼的目的有两个:
- 骗你给他们个人信息,比如密码, 密码, 以及其他保密信息.
- 将软件(通常称为间谍软件)安装到您的机器上, 还有网络, 那是用来收集信息的, 有时甚至会毁掉你的文件.
网络钓鱼的例子
下面是一个网络钓鱼邮件的例子. 注意事项如下:
- The sender’s email address impersonated one that could have come from a real user (raym_82), 但我为什么要用个人账户给学校发邮件呢? 此外,“formsmail.Com”不是一个可识别的电子邮件服务提供商.
- The “Microsoft Partner Silver Application Development” logo is not relevant to the topic of the email.
- 邮件链接中没有“.Com "或".edu”的网址. 为什么MSM的名字会出现在链接中?
- 不太明显, 但如果这封邮件是来自男男性接触者的IT人员, 应该签上他们的名字, 学校联系方式, help desk contact info or more distinctive information to help you reach out in case you have questions or need help. The fact that it’s a generic “End user client support” signature offers you no opportunity to reach out other than by replying to the bogus email.
对于进一步的例子,请参阅下面的电子邮件并注意以下事项:
- 要求立即采取行动的请求.e. “需要采取行动”或文本中的警告语气(“您的计算机有病毒!”).
- 可疑的“FROM”电子邮件地址. In this case, a legitimate Microsoft email would never be sent from a third-party domain such as no-reply@stabletransit.com.
- 上空盘旋 (不要点击) 查看电子邮件想要引导您到的网站的任何链接. 在下面的例子中,其中一个链接似乎是可疑的.com.Ua /u),而另一个看起来是合法的.
- 语法或拼写错误在网络钓鱼中很常见. In the example below, the past tense of “require” was used erroneously in the text of the email.
捕鲸
捕鲸袭击, 也被称为捕鲸钓鱼, is a specific type of phishing attack that targets high-profile staff or faculty at institutions in order to steal sensitive information. 在许多捕鲸钓鱼攻击中, the attacker’s goal is to manipulate the victim into authorizing high-value wire transfers to the attacker.
嫁接
嫁接 is an attempt to redirect traffic from its supposed destination to one the attacker has decided on. This way they can gather information such as account numbers, passwords, 和更多的.
间谍软件
间谍软件 is often a small program installed on your computing device without asking via a website that a pharming attack took you to, 或者是垃圾邮件链接, 或作为附件携带, that will then sit on your computer 和 send your personal information to a repository. The information collected may include passwords, as well as personal 和 corporate documents.
社交媒体
社交媒体网站是与朋友和家人联系的绝佳方式, 但它们也是用户需要格外小心的地方. 小心不要分享太多的个人信息, as this data can be used to guess at passwords 和 even answer security questions. 对陌生人格外挑剔, 记住,要自称是某个人是很容易的, 即使是专家, 不需要提供证据.
社交媒体也是不良数据的温床, news 和 other information that may sound good to you 但 that is factually false, 这甚至会让你处于危险之中. 一定要仔细检查来源或信息,并持怀疑态度.
Change passwords frequently 和 never reuse passwords; that way your security will be enhanced.