Phishing: Difference between revisions

Revision as of 02:26, 5 June 2019

Other languages:

Phishing is a fraudulent attempt to steal personal information, such as your e-mail address and password. On xat, you might encounter users who try to steal your e-mail address, password, xats, days, powers, and sometimes, your identity. Protect yourself whenever using xat by knowing how to recognize phishing attempts so you can report and not fall for phishing tricks.

Common phishing tricks

Linking a page that looks exactly the same or similar to xat's registered user account management page.
Convincing users to click on a link by offering free xats, days, and/or powers.
An urgent request for personal information: passwords, e-mail address etc.
A message requiring immediate action to avoid a problem like losing access to your xat account or your account being deleted.
Asking to download a third party program called ".sol Editor" and to provide the "Value" that's located above the category "Number."
Impersonating administrators or volunteers in an attempt to collect information or purchased items.

NOTE: NEVER click on suspicious links/downloads or provide any personal information to unknown users.

Tips for spotting a phishing e-mail

Always look at the 'from' e-mail address, and ensure it isn't suspicious. Even the e-mail can sometimes be spoofed.
Scammers often attempt to make the e-mail look as legitimate as possible by including a logo or professional name such as "Account Support."
Hover over links in an e-mail before clicking on them. The link could direct you to a suspicious address completely unrelated to the text in the link.
Never open or download anything unless you are sure they come from a safe source.

Protecting yourself

To prevent yourself from getting phished by a criminal, we recommend the following:

Consider reading the Password wiki article for tips on creating a strong password. Do NOT use the same password for any other e-mail addresses or accounts you may have, even if it has nothing to do with xat. You're only increasing your chances of other accounts you have from being compromised.
ALWAYS make sure that you are on xat's registered user account management page by looking at the URL bar. The link should appear as https://xat.com/web_gear/chat/register.php or https://xat.com/login.
Enable xat's account security features: Account Protection and Account Locking.

How to report phishing

If you think you may be a victim of phishing or an unauthorized user may have compromised your account, change the password to not only your account, but your e-mail address as well.

To report a phishing website, submit a ticket under the "Report Phishing Site" help topic. Provide proof about the occurrence, such as the date and time of when you went on the phishing website. The sooner you report the phishing website, the faster the phishing website will be shut down.

NEVER log into another user's account, even if you've been granted permission to. You will be in direct violation of xat's Terms of Service. Failure to follow xat's terms of service will result in your account being torched and/or deleted.

@@ Line 3: / Line 3: @@
 <translate>
 <!--T:1-->
-Have you ever been in a situation where you log into your account, only to find out that some of your xats, days and/or powers are missing? Do you suspect that an unauthorized user may have attempted to compromise your account and succeeded? You might be a victim of what we call "phishing."
+Phishing is a fraudulent attempt to steal personal information, such as your e-mail address and password. On xat, you might encounter users who try to steal your e-mail address, password, xats, days, powers, and sometimes, your identity. Protect yourself whenever using xat by knowing how to recognize phishing attempts so you can report and not fall for phishing tricks.
-==What is phishing?== <!--T:2-->
+==Common phishing tricks== <!--T:2-->
+</translate><span id="commontricks"></span><translate>
 <!--T:3-->
-Phishing is a trick used by criminals to steal personally identifiable information, such as your e-mail address and password for example. It is not a security flaw and you are not getting hacked. As long as you know what to look for, you can prevent yourself from being phished. You've probably been warned before by your online bank about phishing websites, but most users don't think or worry about being phished when using their "xat" account. On xat, there are criminals who want to steal your e-mail address, password, xats, days, powers and most of all, your identity.
+* Linking a page that looks exactly the same or similar to xat's registered user account management page.
+* Convincing users to click on a link by offering free xats, days, and/or powers.
-==How does the scam work?== <!--T:4-->
+* An urgent request for personal information: passwords, e-mail address etc.
+* A message requiring immediate action to avoid a problem like losing access to your xat account or your account being deleted.
+* Asking to download a third party program called ".sol Editor" and to provide the "Value" that's located above the category "Number."
+* Impersonating administrators or [[<tvar|1>Special:MyLanguage/Volunteers</>|volunteers]] in an attempt to collect information or purchased items.
-<!--T:5-->
+'''NOTE:''' NEVER click on suspicious links/downloads or provide any personal information to unknown users.
-A criminal will start off by creating a page that looks exactly the same as xat's registered user account management page. Then, the criminal will create a link (which will redirect to the page) and come up with a convincing way to lure a user into clicking on the link. An example might be offering xats, days and/or powers for free, as long as you click on the link and enter your e-mail address and password into the text box provided. That is definitely a {{Color|#FF0000|'''red flag'''}}. Under any circumstances, you should NEVER click on the link, nor should you enter your e-mail address and password, regardless of whether it's free. Just by clicking on the link itself, the criminal may already have your IP address.
-<!--T:6-->
+==Tips for spotting a phishing e-mail== <!--T:4-->
-'''NOTE:''' If you come across a page that asks you for the password that's associated with your e-mail address (not your account), it's a phishing website. xat will NEVER ask you for that under any circumstances. Also, do NOT use the same password for any other e-mail addresses or accounts you may have, even if it has nothing to do with xat. You're only increasing your chances of everything else getting compromised.
-<!--T:8-->
+</translate><span id="spotphishing"></span><translate>
-Besides creating a duplicate page, there is also another way that criminals are doing to steal personally identifiable information from users. What they're doing is either asking users for their flash shared object file or asking users to download a third party program on their computer called ".sol Editor" and want users to provide them the "Value" that's located above the category "Number." Under any circumstances, do NOT provide them the value that's associated with your account. Giving them the value is just like giving them the password and you will end up being phished.
-==How can I protect myself?== <!--T:9-->
+<!--T:5-->
+* Always look at the 'from' e-mail address, and ensure it isn't suspicious. Even the e-mail can sometimes be spoofed.
-In order to prevent yourself from getting phished by a criminal, we highly recommend you follow these precautionary steps:
+* Scammers often attempt to make the e-mail look as legitimate as possible by including a logo or professional name such as "Account Support."
+* Hover over links in an e-mail before clicking on them. The link could direct you to a suspicious address completely unrelated to the text in the link.
-'''Step #01:''' When you're logging into your account, ALWAYS make sure you're on xat's registered user account management [http://xat.com/web_gear/chat/register.php page]. You can find out if you're on the correct page by looking at the URL bar, which is located at the top-left corner of your web browser. If the link shows '''http://xat.com/web_gear/chat/register.php''', you're on the correct page. If it shows anything other than the link provided, do NOT enter your e-mail address or registered username and password on that page. Leave the page immediately and report the phishing website by submitting a [http://util.xat.com/support/open.php ticket] under the category "Report Phishing Site." You do not need to be a paid user to submit a ticket under this category.
+* Never open or download anything unless you are sure they come from a safe source.
-'''Step #02:''' When you're logging into your account, you have the option of either entering the e-mail address that's associated with your account or your registered username. When it comes to entering your password, ALWAYS make sure it's the password that's associated with your account and not your e-mail address. xat will NEVER ask you for the password that's associated with your e-mail address under any circumstances. In order to ensure your account is fully protected, use a password that isn't the same password as your e-mail address. Also, make sure your password is alphanumeric, which consists of both letters and numbers (but not symbols) and make it so it's easy for you to figure out, but hard for a criminal to figure out. As long as it contains at least 10 characters (or more), you'll be all set. Don't make your password too long or you might forget it. We highly recommend you avoid using patterns or words in your password and always change your password on a monthly basis. It's better to be safe than sorry.
-==What do I do if I think I've been phished?== <!--T:20-->
+==Protecting yourself== <!--T:6-->
-<!--T:21-->
+</translate><span id="protectyourself"></span><translate>
-If you think your account has been phished, immediately change your password for your xat account, and your password for your email account. Use the forgotten password feature on xat if you can't login. Changing your passwords will keep out the phisher. For other problems please contact us by ticket at http://xat.com/ticket with "xat I may have been phished" as the subject of the message.
+<!--T:31-->
+To prevent yourself from getting phished by a criminal, we recommend the following:
-== Logging into other users' accounts == <!--T:29-->
+<!--T:32-->
+*Consider reading the [[<tvar|3>Special:MyLanguage/Password</>|Password]] wiki article for tips on creating a strong password. Do NOT use the same password for any other e-mail addresses or accounts you may have, even if it has nothing to do with xat. You're only increasing your chances of other accounts you have from being compromised.
+*ALWAYS make sure that you are on xat's registered user account management page by looking at the URL bar. The link should appear as https://xat.com/web_gear/chat/register.php or https://xat.com/login.
+*Enable xat's account security features: [[<tvar|1>Special:MyLanguage/Account protection</>|Account Protection]] and [[<tvar|2>Special:MyLanguage/Account_Protection#Account_Locking</>|Account Locking]].
-<!--T:30-->
+==How to report phishing== <!--T:20-->
-Under '''no''' circumstances should you ever log in to someone else's account. This is a direct violation of xat.com's terms of service and discovery of this may lead to your own accounts being deleted. If another user needs help they should open a ticket.
-==How can I report suspected phishing sites?== <!--T:23-->
+</translate><span id="reportphishing"></span><translate>
-<!--T:24-->
+<!--T:33-->
-Go to http://xat.com/ticket and report the site to the "Report Phishing Site" department and xat will take appropriate action.
+If you think you may be a victim of phishing or an unauthorized user may have compromised your account, change the password to not only your account, but your e-mail address as well.
-==Think you're a pro on avoiding being phished?== <!--T:25-->
+<!--T:34-->
+To report a phishing website, submit a [https://util.xat.com/support/open.php ticket] under the "Report Phishing Site" help topic. Provide proof about the occurrence, such as the date and time of when you went on the phishing website. The sooner you report the phishing website, the faster the phishing website will be shut down.
-<!--T:26-->
+<!--T:35-->
-If you think that you're now educated on phishing, why not prove it? To test your knowledge, take the [http://util.xat.com/quiz/ xat Phishing Quiz] now.
+NEVER log into another user's account, even if you've been granted permission to. You will be in direct violation of xat's [<tvar|1>https://xat.com/terms</> Terms of Service]. Failure to follow xat's terms of service will result in your account being torched and/or deleted.
 </translate>
-[[Category:Security]]
+{{Category|Security}}