Phishing: Difference between revisions

From xat wiki
m (Made the capitalization consistent)
No edit summary
(45 intermediate revisions by 10 users not shown)
Line 3: Line 3:
<translate>
<translate>
<!--T:1-->
<!--T:1-->
Have you ever heard of anyone who has lost their xats, or had their account taken over? It's probably because they got "phished".
Phishing is a fraudulent attempt to steal personal information, such as your e-mail address and password. On xat, you might encounter users who try to steal your e-mail address, password, xats, days, powers, and sometimes, your identity. Protect yourself whenever using xat by knowing how to recognize phishing attempts so you can report and not fall for phishing tricks.


==What is Phishing?== <!--T:2-->
==Common phishing tricks== <!--T:2-->
 
</translate><span id="commontricks"></span><translate>


<!--T:3-->
<!--T:3-->
Phishing is a trick used by criminals to steal your email & password. It is not a "security flaw", and you're not getting "hacked." It's entirely preventable by you, if you know what to look for. You've probably been warned by your online bank about phishing websites, but most people don't think or worry about phishing when using their xat account. On xat, the phishers are trying to steal your xats, your days, your powers, your identity and your email account.
* Linking a page that looks exactly the same or similar to xat's registered user account management page.
 
* Convincing users to click on a link by offering free xats, days, and/or powers.
==How Does the Scam work?== <!--T:4-->
* An urgent request for personal information: passwords, e-mail address etc.
* A message requiring immediate action to avoid a problem like losing access to your xat account or your account being deleted.
* Asking to download a third party program called ".sol Editor" and to provide the "Value" that's located above the category "Number."
* Impersonating administrators or [[<tvar|1>Special:MyLanguage/Volunteers</>|volunteers]] in an attempt to collect information or purchased items.


<!--T:5-->
'''NOTE:''' NEVER click on suspicious links/downloads or provide any personal information to unknown users.
It starts with the person trying to phish you by making a webpage that looks just like the login page of the website you're trying to use. Then the phisher comes up with a creative way to get you to click on the link to that page, maybe saying you'll get free xats, days or powers. When you see the link and click it, you are presented with the fake login page created by the phisher. If you enter your info, you've been "phished" - you've fallen for the trick, and they've captured your username and password. The phisher will then login to your account and steal your xats, your days, your powers, your identity or your email account.


<!--T:6-->
==Tips for spotting a phishing e-mail== <!--T:4-->
IMPORTANT: If a page asks for your email password, IT IS A PHISHING PAGE. xat will NEVER ask for your email password.


<!--T:7-->
</translate><span id="spotphishing"></span><translate>
Some sites may ask you to sign up for their forum or other features. If you use the same password as you have for your email account or xat account then they could use it to phish you. You should NEVER use the same password on your email account or xat account as you use for your login to ANY other site.


<!--T:8-->
<!--T:5-->
Scammers may ask you to give them a .sol file from your computer or have you download a sol editor and tell them the numbers, maybe by promising you will be owner of a chat or be unbannable. These numbers are your passcodes and should be kept secret. A scammer with these numbers could phish you. You should NEVER give secret files or passcodes to anyone else.
* Always look at the 'from' e-mail address, and ensure it isn't suspicious. Even the e-mail can sometimes be spoofed.
 
* Scammers often attempt to make the e-mail look as legitimate as possible by including a logo or professional name such as "Account Support."
==How Can I Protect Myself?== <!--T:9-->
* Hover over links in an e-mail before clicking on them. The link could direct you to a suspicious address completely unrelated to the text in the link.
 
* Never open or download anything unless you are sure they come from a safe source.
<!--T:10-->
To make sure you don't get phished, you have to understand exactly how it works. When you click on a link in a chat box it may show the image below as a header to warn you not to enter your xat password on this new website.
 
<!--T:11-->
[[Image:Phish.png]]
 
<!--T:12-->
Please do not always rely on this warning showing, as the linkvalidator system is not perfect. We place every effort into making the system as effective as it can be.  
 
====Make sure you only enter your username and Password on xat.com==== <!--T:13-->
There is only one easy way to know that you are at the real login page. That's by looking at your browser's address bar, the place you view or type in the URL of the website you want to visit. By looking there, you'll know what website you are actually on at the moment. For xat, the only page you should login to is "xat.com" or "m.xat.com". You may think you know exactly what the xat login page looks like and that someone could not trick you into typing your info into a fake page, but it is very easy to fall for this! It's also very easy for anyone to make an exact copy of the xat login page, or the login page of any website you use.
 
====Your email password is only to log in to your email==== <!--T:14-->
xat will never ask you for your email password. Only use your email password to log in to your email. If a login page asks you for your email password it is not a xat page, it is a phishing page.
 
====Turn on account locking==== <!--T:15-->
Account locking will increase the security of your account. See [[AccountLocking]] for details. Note that this is not a substitute being cautious to avoiding being phished (see above).
 
====Use different passwords for different accounts==== <!--T:16-->
You should NEVER use the same password on your email account or xat account as you use for your login to ANY other site. If someone managed to phish your password on their site, they would have control of your email as well. Often this means they can access all your accounts on every site you use and it's more difficult to regain control of them again. If your email password is used on other sites, including xat.com, you should change it right away. If your email account has been phished you should contact your email provider for assistance.
 
====Use strong passwords==== <!--T:17-->
To make a strong password that cannot easily be guessed, combine letters and numbers into a lengthy password of at least 8 characters, though 14 characters is ideal. Avoid using your name, username, birthday, repeated characters, and common words in your password.
 
====Giving personal information==== <!--T:18-->
Don't share your password with anybody else, regardless of how much you trust them. They could take over your account, or they could fall for a phishing scam using your account information. Also, do not give your register link to someone else (link looks like http://xat.com/web_gear/chat/register.php?UserId=123456&k2=123456). Do not share anything odd with another user including cookies or web page source. If a user asks you for data from your PC they are almost certainly trying to steal your account.
 
====Change your passwords regularly==== <!--T:19-->
It is recommended you change your passwords regularly, at least once a month.


==What do I do if I think I've been phished?== <!--T:20-->
==Protecting yourself== <!--T:6-->


<!--T:21-->
</translate><span id="protectyourself"></span><translate>
If you think your account has been phished, immediately change your password for your xat account, and your password for your email account. Use the forgotten password feature on xat if you can't login. Changing your passwords will keep out the phisher. For other problems please contact us by ticket at http://xat.com/ticket with "xat I may have been phished" as the subject of the message.


<!--T:31-->
To prevent yourself from getting phished by a criminal, we recommend the following:


== Logging into other users' accounts == <!--T:29-->
<!--T:32-->
*Consider reading the [[<tvar|3>Special:MyLanguage/Password</>|Password]] wiki article for tips on creating a strong password. Do NOT use the same password for any other e-mail addresses or accounts you may have, even if it has nothing to do with xat. You're only increasing your chances of other accounts you have from being compromised.
*ALWAYS make sure that you are on xat's registered user account management page by looking at the URL bar. The link should appear as https://xat.com/web_gear/chat/register.php or https://xat.com/login.
*Enable xat's account security features: [[<tvar|1>Special:MyLanguage/Account protection</>|Account Protection]] and [[<tvar|2>Special:MyLanguage/Account_Protection#Account_Locking</>|Account Locking]].


<!--T:30-->
==How to report phishing== <!--T:20-->
Under '''no''' circumstances should you ever log in to someone else's account. This is a direct violation of xat.com's terms of service and discovery of this may lead to your own accounts being deleted. If another user needs help they should open a ticket.


==How can I report suspected phishing sites?== <!--T:23-->
</translate><span id="reportphishing"></span><translate>


<!--T:24-->
<!--T:33-->
Go to http://xat.com/ticket and report the site to the "Report Phishing Site" department and xat will take appropriate action.
If you think you may be a victim of phishing or an unauthorized user may have compromised your account, change the password to not only your account, but your e-mail address as well.


==Think you're a pro on avoiding being phished?== <!--T:25-->
<!--T:34-->
To report a phishing website, submit a [https://util.xat.com/support/open.php ticket] under the "Report Phishing Site" help topic. Provide proof about the occurrence, such as the date and time of when you went on the phishing website. The sooner you report the phishing website, the faster the phishing website will be shut down.


<!--T:26-->
<!--T:35-->
If you think that you're now educated on phishing, why not prove it? To test your knowledge, take the [http://util.xat.com/quiz/ xat Phishing Quiz] now.
NEVER log into another user's account, even if you've been granted permission to. You will be in direct violation of xat's [<tvar|1>https://xat.com/terms</> Terms of Service]. Failure to follow xat's terms of service will result in your account being torched and/or deleted.


</translate>
</translate>


[[Category:Security]]
{{Category|Security}}

Revision as of 02:26, 5 June 2019

Phishing is a fraudulent attempt to steal personal information, such as your e-mail address and password. On xat, you might encounter users who try to steal your e-mail address, password, xats, days, powers, and sometimes, your identity. Protect yourself whenever using xat by knowing how to recognize phishing attempts so you can report and not fall for phishing tricks.

Common phishing tricks

  • Linking a page that looks exactly the same or similar to xat's registered user account management page.
  • Convincing users to click on a link by offering free xats, days, and/or powers.
  • An urgent request for personal information: passwords, e-mail address etc.
  • A message requiring immediate action to avoid a problem like losing access to your xat account or your account being deleted.
  • Asking to download a third party program called ".sol Editor" and to provide the "Value" that's located above the category "Number."
  • Impersonating administrators or volunteers in an attempt to collect information or purchased items.

NOTE: NEVER click on suspicious links/downloads or provide any personal information to unknown users.

Tips for spotting a phishing e-mail

  • Always look at the 'from' e-mail address, and ensure it isn't suspicious. Even the e-mail can sometimes be spoofed.
  • Scammers often attempt to make the e-mail look as legitimate as possible by including a logo or professional name such as "Account Support."
  • Hover over links in an e-mail before clicking on them. The link could direct you to a suspicious address completely unrelated to the text in the link.
  • Never open or download anything unless you are sure they come from a safe source.

Protecting yourself

To prevent yourself from getting phished by a criminal, we recommend the following:

  • Consider reading the Password wiki article for tips on creating a strong password. Do NOT use the same password for any other e-mail addresses or accounts you may have, even if it has nothing to do with xat. You're only increasing your chances of other accounts you have from being compromised.
  • ALWAYS make sure that you are on xat's registered user account management page by looking at the URL bar. The link should appear as https://xat.com/web_gear/chat/register.php or https://xat.com/login.
  • Enable xat's account security features: Account Protection and Account Locking.

How to report phishing

If you think you may be a victim of phishing or an unauthorized user may have compromised your account, change the password to not only your account, but your e-mail address as well.

To report a phishing website, submit a ticket under the "Report Phishing Site" help topic. Provide proof about the occurrence, such as the date and time of when you went on the phishing website. The sooner you report the phishing website, the faster the phishing website will be shut down.

NEVER log into another user's account, even if you've been granted permission to. You will be in direct violation of xat's Terms of Service. Failure to follow xat's terms of service will result in your account being torched and/or deleted.