psa加密
A fascinating new phishing attempt it making the rounds disguising itself as a receipt from the App Store, tricking unsuspecting users into coughing up all of their personal details. Here’s what you need to know and how to stay safe.
一种引人入胜的新的网络钓鱼尝试,使该回合伪装成来自App Store的收据,诱使毫无戒心的用户咳嗽了所有个人信息。 这是您需要知道的以及如何保持安全。
As reported by Bleeping Computer, the attempt shows up as an email with an attached PDF receipt for somewhere in the range of $30. With that, there’s a highly convenient “Issues with this transaction?” link at the bottom of the page.
正如Bleeping Computer报道的那样 ,尝试以电子邮件的形式显示,并附有PDF收据,价格在30美元左右。 这样,就有一个非常方便的“此交易有问题吗?” 页面底部的链接。
Uninformed users click the link, of course, expecting to dispute the fraudulent charge. They’re then presented with a convincing-looking page with a less-convincing URL asking them to log in with their Apple ID. It’s also worth noting that this is a secure website, leading to an even bigger reason to assume it’s legit. But just because a site is secure, doesn’t mean it’s safe.
不知情的用户单击链接,当然希望对欺诈性收费提出异议。 然后,向他们显示一个令人信服的页面,其中包含一个不太令人信服的URL,要求他们使用其Apple ID登录。 还值得注意的是,这是一个安全的网站,导致更大的理由认为它是合法的。 但是, 仅仅因为网站是安全的 ,并不意味着它是安全的 。
After attempting to log in, a warning is displayed stating that the ID has been locked for security reasons. A handy Unlock Account button is just below, which is where things get really bad. Clicking this button takes users to a new page asking for every damn detail you can imagine. Name, address, phone number, social security number, date of birth, payment info, and security questions/answers are all found on the form—this is an identity theft convenience kit.
尝试登录后,将显示一条警告,指出该ID已出于安全原因而被锁定。 方便的“解锁帐户”按钮位于下方,这真是很糟糕的地方。 单击此按钮会将用户带到新页面,询问您可以想象的每一个细节。 姓名,地址,电话号码,社会保险号,出生日期,付款信息和安全问题/答案都可以在表格上找到-这是一个身份盗窃便利工具包。
But this is also where things get really interesting—after submitting the form, it states that the account is automatically logged out then redirects to a legitimate Apple page. Users log in, assuming that all is right with the world again when that couldn’t be further from the truth—the attacker just got everything they wanted. All your information put together in a nice little form. Yuck.
但这也是使事情变得真正有趣的地方-提交表单后,它指出该帐户自动注销,然后重定向到合法的 Apple页面。 用户登录时,假设世界再次一切正常,而这离事实真相还遥不可及-攻击者可以轻松获得所需的一切。 您所有的信息都以漂亮的小形式组合在一起。 uck
As pointed out by Bleeping Computer, the URL is the main thing that gives the whole thing away is the funky URLs (which were redacted from the original post for obvious reasons), but the point remains: if something looks awry, it probably is.
正如Bleeping Computer所指出的那样,URL是使整个事情消失的主要因素是时髦的URL(出于明显的原因从原始帖子中删除了这些URL),但重点仍然是:如果某些东西看起来不对,则可能是这样。
As stated previously, the weakness of this campaign is their use of very suspicious URLs. An observant person will easily see that the URLs are not legitimate, look strange, and should be avoided. For this reason, it is very important that users do not open links from strange emails and instead go directly to a company’s web site. If they do open links from emails, it is always important to analyze the URL of the landing page to make sure you are at a legitimate site.
如前所述,此广告活动的弱点是使用了非常可疑的URL。 细心的人会很容易看到URL是非法的,看起来很奇怪,应该避免使用。 因此,用户不要打开来自陌生电子邮件的链接,而应直接访问公司的网站,这一点非常重要。 如果他们确实打开了电子邮件中的链接,则分析登录页面的URL以确保您位于合法站点始终很重要。
As always, the key to staying safe is knowing what you’re up against. So pay attention to the details and stay vigilant.
与往常一样,保持安全的关键是知道您要面对的挑战。 因此,请注意细节并保持警惕。
psa加密
扫一扫
3284
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
