恶意软件
病毒和蠕虫可以在你不知情的情况下安装在你的系统中. 一旦他们这么做了, 他们可以使用你的机器作为操作的基础,为他们的利益将你的系统货币化. This can be done by forcing ad pop-ups on you, 收集你的私人数据并将其发送到幕后的中心位置, collecting corporate data 和 siphoning that off, 和更多的.
恶意软件是一个涵盖了许多不同形式的攻击的大术语. 要记住的重要事情是总是报告机器上的奇怪事件, to be very careful what you click on 和 what suspicious emails you open.
Always be aware of links on 网站, that they go where they say they do. 你可以看到, on the lower status bar of most modern browsers, the actual destination of the link you intend to follow.
也, 的电子邮件, 在你关注他们之前,确保他们是来自他们所说的人,并且邮件中的任何链接或附件都是预期的.
垃圾邮件
垃圾邮件 is one of the oldest forms of cybersecurity risk. Though most spam is simply clutter, 占用你的时间, 仍然有大量的组织使用垃圾邮件来传播我们可以想象的各种网络安全风险. 垃圾邮件,来自陌生人的不受欢迎的电子邮件,通常充满了网络钓鱼企图,恶意软件等等.
网络钓鱼
网络钓鱼诈骗积极地试图欺骗你收集个人和机构的信息.
These emails often impersonate people you know: coworkers, school administrators 和 faculty, 金融机构, service desks 和 even your personal friends.
The goals of phishing attempts are one of two things:
- Tricking you into giving them personal information such as passwords, 密码, 和 other 保密 information.
- Installing software (often called spyware) onto your machine, 还有网络, that is used to gather information, 和 even to destroy your files on occasion.
网络钓鱼的例子
Below is an example of a phishing email. 注意事项如下:
- 发件人的电子邮件地址冒充了一个可能来自真实用户(raym_82), 但 why would I send a school email from a personal account? 此外,“formsmail.com” is not a recognizable email service provider.
- “微软合作伙伴银色应用程序开发”标志与电子邮件的主题无关.
- The email link does not include a “.Com "或".edu”的网址. And why would MSM’s name be used in the link?
- 不太明显, 但 if the email is coming from a member of the MSM IT staff, it should be signed with their name, 学校联系方式, 帮助台联系信息或更多独特的信息,以帮助您联系,以防您有问题或需要帮助. 事实上,它是一个通用的“终端用户客户端支持”签名,除了回复虚假的电子邮件之外,你没有机会联系到他们.
For a further example, see the email below 和 note the following:
- A request for immediate action, i.e. “Action Required” or an alarming tone in the text (“Your computer has a virus!”).
- A “FROM” email address that appears suspicious. 在这种情况下,合法的微软电子邮件永远不会从第三方域名(如 no-reply@stabletransit.com.
- 上空盘旋 (不要点击) any links to view the web site(s) the email wants to direct you to. In the examples below, one of the links appears to be suspicious (ver.com.ua/u) while the other appears legitimate.
- Grammatical or spelling errors are common in phishing attempts. 在下面的例子中,“require”的过去式在邮件文本中被错误地使用了.
捕鲸
捕鲸袭击, also known as whaling phishing, 是一种特定类型的网络钓鱼攻击,目标是机构的知名员工或教职员工,以窃取敏感信息. In many whaling phishing attacks, 攻击者的目标是操纵受害者向攻击者授权高价值的电汇.
嫁接
嫁接是一种尝试将流量从假定的目的地重定向到攻击者已经决定的目的地. 通过这种方式,他们可以收集诸如账号、密码等信息.
间谍软件
间谍软件通常是一个安装在你的计算设备上的小程序,没有通过一个网站询问,一个恶意攻击带你去, or a spam email linked you to, 或作为附件携带, 然后,它会保存在你的电脑上,并将你的个人信息发送到一个存储库. 收集的信息可能包括密码,以及个人和公司文件.
社交媒体
Social media sites can be a fantastic way to connect to friends 和 family, 但 they are also places users need to be extra careful. Be wary of sharing too much personal information, 因为这些数据可以用来猜测密码,甚至回答安全问题. Be extra critical of strangers, 和 remember it is easy to claim to be someone, 即使是专家, without needing to offer proof.
Social media is also a hotbed of bad data, 新闻和其他信息对你来说可能听起来不错,但实际上是错误的, 和 that can even put you at risk. Always double check sources or information 和 be skeptical.
Change passwords frequently 和 never reuse passwords; that way your security will be enhanced.