Phishing/bs: Difference between revisions

From xat wiki
(Updating to match new version of source page)
(Updating to match new version of source page)
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{shortcut}}<languages/>
{{shortcut}}<languages/>
<div style="float:right; margin: 15px 0 0 15px">__TOC__</div>
<div style="float:right; margin: 15px 0 0 15px">__TOC__</div>
Jeste li ikad čuli da je neko izgubio xats, ili da im je neko preuzeo račun? Vjerovatno su bili "fišovani".
Have you ever been in a situation where you log into your account, only to find out some of your xats, days and/or powers missing? Do you suspect that an unauthorized user may have attempted to compromise your account and succeeded? You may be a victim of what is called "phishing".


===Šta je fišing?===
===Šta je fišing?===
<span id="whatphishing"></span>
Phishing is a trick used by criminals to steal personally identifiable information, such as your e-mail address and password. It is not a security flaw and you are not getting hacked. As long as you know what to look for, you can prevent yourself from being phished. You've probably been warned before by your online bank about phishing websites, but most users don't think or worry about being phished when using their xat account. On xat, there are criminals who want to steal your e-mail address, password, xats, days, powers, and most of all, your identity.


Fišing je trik koji koriste kriminalci kako bi ukrali vaš imejl i šifru. To nije sigurnosna mana, i niste "hakovani". U potpunosti možete da ovo spriječite, ako znate na šta treba da pazite. Sigurno ste do sada bili upozoreni od strane vaše onlajn banke o fišing sajtovima, ali mnogi ljudi ne brinu o tome dok koriste njihov xat račun. Na xatu fišeri pokušavaju da ukradu vaše xats, days, powers, identitet i imejl račun.
==How does phishing work?==
<span id="howphishing"></span>
A criminal may create a page that looks exactly the same as xat's registered user account management page. Then, the criminal will create a link (which will redirect to the page) and come up with a convincing way to lure a user into clicking on the link. An example might be offering xats, days and/or powers for free, as long as you click on the link and enter your e-mail address and password into the text box provided. That is definitely a {{Color|#FF0000|'''red flag'''}}. Under NO circumstances should you ever click on the link, nor should you enter your e-mail address and password, regardless of whether or not you think it is free. Just by clicking on the link itself, the criminal may already have your IP address.


===Kako krađa funkcioniše?===
'''NOTE:''' If you come across a page that asks you for the password that's associated with your e-mail address (not your account), it's a phishing website. xat will '''NEVER''' ask you for that under any circumstances. Also, do '''NOT''' use the same password for any other e-mail addresses or accounts you may have, even if it has nothing to do with xat. You're only increasing your chances of other accounts you have getting compromised.


Krađa započinje tako što osoba pokuša da vas fišuje tako što napravi stranicu koja izgleda identično kao login strana websajta koji pokušavate da koristite. Onda fišer smisli kreativan način da vas nagovori da kliknete na link koji vodi na tu stranu ubjeđujući vas da ćete dobiti besplatne xats, days i powers. Kada vidite link i kliknete ga, predstavljena vam je lažna login strana, napravljena od strane fišera. Ako ukucate svoje informacije, fišovani ste-upali ste u zamku i oni su sačuvali vaše korisničko ime i šifru. Fišer će onda da uđe na vaš profil i ukrade vaše xats, days i powers, vaš identitet, kao i vaš imejl račun.
Besides creating a duplicate page, there is also another way that criminals are using to steal personally identifiable information from users. What they're doing is either asking users for their flash shared object file, or asking users to download a third party program on their computer called ".sol Editor" and wanting users to provide them the "Value" that's located above the category "Number." Under NO circumstances should you provide them the value that's associated with your account. Giving them the value is just like giving them the password and you will end up being phished.
 
VAŽNO: ako neka stranica traži šifru vašeg imejla, TO JE FIŠING STRANA. xat NIKADA NEĆE tražiti šifru vašeg imejla.
 
Neki sajtovi će možda tražiti od vas da se prijavite na njihov forum ili druge odlike. Ako koristite istu šifru kao i za vaš imejl račun, oni tu informaciju mogu iskoristiti kako bi vaš fišovali. NIKADA ne bi trebalo da koristite vašu imejl ili xat šifru za neke druge sajtove.
 
Kradljivci će možda tražiti da im date .sol fajl sa vašeg računara, ili će vam reći da downloadujete sol urednik i kažete im brojeve, uz obećanje da ćete biti ovner na četu ili vas neće moći banovati. Ovi brojevi su vaše lozinke i treba da ostanu tajna. Kradljivac uz ove brojeve može da vas fišuje. NIKADA ne bi trebalo da dajete bilo kome tajne fajlove ili lozinke.


===Kako da se zaštitim?===
===Kako da se zaštitim?===
<span id="howprotect"></span>
In order to prevent yourself from getting phished by a criminal, we highly recommend you follow these precautionary steps:


Kako biste se osigurali od fišovanja, morate da razumijete kako ono funkcioniše. Kada kliknete na link u čet boxu, moguće je da će se pojaviti slika ispod koja će vas upozoriti da ne ukucavate vašu xat šifru na tom vebsajtu.
'''Step 1:''' When you are logging into your account, ALWAYS make sure that you are on xat's registered user account management [https://xat.com/web_gear/chat/register.php page]. You can find out if you are on the correct page by looking at the URL bar, which is located at the top-left corner of your web browser. If the link shows '''https://xat.com/web_gear/chat/register.php''', you are on the correct page. If it shows anything other than the link provided, do NOT enter your e-mail address, username or password on that page. Leave the page immediately, and report the phishing website by submitting a [https://util.xat.com/support/open.php ticket] under the category "Report Phishing Site." You do not need to be a paid user to submit a ticket in this department.


[[Image:Phish.png]]
'''Step 2:''' When you are logging into your account, you have the option of either entering the e-mail address that is associated with your account, or your registered username. When it comes to entering your password, ALWAYS make sure it is the password that is associated with your account, and not your e-mail address. xat will NEVER ask you for the password that is associated with your e-mail address under any circumstances. In order to ensure your account is fully protected, use a password that is not the same password as your e-mail address. Also, make sure your password is alphanumeric, which consists of both letters and numbers (but not symbols). Make sure that your password is not easily guessable. As  long as it contains at least 10 characters (or more), you will be fine. Do not make your password too long or you might forget it. We highly recommend you avoid using patterns or words in your password, and to always change your password on a monthly basis. It's better to be safe than sorry.


Please do not always rely on this warning showing, as the linkvalidator system is not perfect. We place every effort into making the system as effective as it can be.
'''Step 3:''' When it comes to fully protecting your account, we highly recommend that you enable xat's account security features: [[Special:MyLanguage/Account protection|Account Protection]], [[Special:MyLanguage/Account_Protection#Account_Locking|Account Locking]] and [[Special:MyLanguage/Authentication|Account Authentication]]. For more information on any of these account security features, click the respective links.
 
====Uvjerite se da ukucate vaše korisničko ime i šifru samo na xat.com====
Postoji samo jedan lak način da se uvjerite da ste na pravoj stranici za prijavu, a to je da pogledate na adress bar na vašem pretraživaču (mjesto na kojem vidite ili kucate URL sajta koji želite da posjetite). Pogledavši tu, znat ćete na kojem se sajtu trenutno nalazite. Za xat, jedina strana na kojoj treba da se prijavite je "xat.com" ili "m.xat.com". Možda mislite da znate kako prijavna stranica na xatu izfleda i da vas niko ne može prevariti, ali je veoma lako pasti na ovo. Također je lako bilo kome napraviti identičnu kopiju xat prijavne strane, ili prijavne strane za bilo koji drugi sajt.
 
====Vaša imejl šifra služi samo za prijavu na vaš imejl====
Xat vam nikada neće tražiti šifru vašeg imejla. Koristite je samo za prijavu na vaš imejl račun. Ako neka prijavna strana traži šifru vašeg imejla, to nije xat strana, nego fišing strana.
 
====Turn on account locking====
Account locking will increase the security of your account. See [[AccountLocking]] for details. Note that this is not a substitute being cautious to avoiding being phished (see above).
 
====Koristite različite šifre za različite naloge====
NIKADA ne bi trebalo da koristite istu šifru za xat ili imejl nalog, kao za ostale sajtove. Ako neko uspije da fišuje vašu šifru na nekom sajtu, onda može da se domogne i vašeg imejla. Ovo uglavnom znači da mogu da imaju pristup vašim nalozima na svakom sajtu koji koristite i teže je povratiti kontrolu nad njima. Ako koristite vašu imejl šifru na drugim sajtovima, trebalo bi da je odmah promijenite. Ako neko fišuje vaš nalog, kontaktirajte imejl provajdera za pomoć.
 
====Use strong passwords====
To make a strong password that cannot easily be guessed, combine letters and numbers into a lengthy password of at least 8 characters, though 14 characters is ideal. Avoid using your name, username, birthday, repeated characters, and common words in your password.
 
====Davanje ličnih informacija====
Ne govorite nikome svoju šifru, čak iako im vjerujete 100%, oni mogu da preuzmu vaš račun ili da padnu na krađu koristeći informacije vezane za vaš račun. Također, ne dajite nikome registarski link (link izgleda ovako: http://xat.com/web_gear/chat/register.php?UserId=123456&k2=123456 ). Ne dijelite ništa čudno sa drugima, poput kolačića ili izvora web stranice. Ako korisnik traži informacije vezane za vaš računar, najvjerovatnije pokušavaju da vam ukradu račun.
 
====Change your passwords regularly====
It is recommended you change your passwords regularly, at least once a month.


===Šta da radim ako mislim da sam fišovan?===
===Šta da radim ako mislim da sam fišovan?===
<span id="helpphished"></span>
If you suspect that an unauthorized user may have compromised your account, do NOT panic. It will only make the situation much worse than it needs to be. The first thing you need to do is change the password to not only your account, but your e-mail address as well, for extra security measures. Also, if you remember the link of the phishing website you were on, report the phishing website as soon as possible by submitting a [https://util.xat.com/support/open.php ticket] under the category "Report Phishing Site" and provide as much sufficient proof about the occurrence as you can, such as the date and time of when you went on the phishing website and the date and time of when you got phished. The sooner you report the phishing website, the faster the phishing website will be shut down.


If you think your account has been phished, immediately change your password for your xat account, and your password for your email account. Use the forgotten password feature on xat if you can't login. Changing your passwords will keep out the phisher. For other problems please contact us by ticket at http://xat.com/ticket with "xat I may have been phished" as the subject of the message.
Under NO circumstances should you EVER log into another user's account, even if you've been granted permission to. You will be in direct violation of xat's [https://xat.com/terms Terms of Service]. Failure to comply with xat's terms of service will result in your account being torched and/or deleted.
 
 
== Logging into other users' accounts ==
 
Under '''no''' circumstances should you ever log in to someone else's account. This is a direct violation of xat.com's terms of service and discovery of this may lead to your own accounts being deleted. If another user needs help they should open a ticket.
 
===Kako da prijavim moguće fišing sajtove?===
 
Idite na http://xat.com/ticket i prijavite sajt na "Report Phishing Site" odjelu, a xat će preduzeti odgovarajuće mjere.
 
===Mislite da ste pro u izbjegavanju fišovanja?
 
Ako mislite da ste upućeni o fišovanju, zašto da ne testirate znanje? Da to uradite, isprobajte se u  [http://util.xat.com/quiz/ xat Fišing kvizu] odmah!




[[Category:Security]]
{{Category|Security}}

Revision as of 22:29, 10 July 2017

Have you ever been in a situation where you log into your account, only to find out some of your xats, days and/or powers missing? Do you suspect that an unauthorized user may have attempted to compromise your account and succeeded? You may be a victim of what is called "phishing".

Šta je fišing?

Phishing is a trick used by criminals to steal personally identifiable information, such as your e-mail address and password. It is not a security flaw and you are not getting hacked. As long as you know what to look for, you can prevent yourself from being phished. You've probably been warned before by your online bank about phishing websites, but most users don't think or worry about being phished when using their xat account. On xat, there are criminals who want to steal your e-mail address, password, xats, days, powers, and most of all, your identity.

How does phishing work?

A criminal may create a page that looks exactly the same as xat's registered user account management page. Then, the criminal will create a link (which will redirect to the page) and come up with a convincing way to lure a user into clicking on the link. An example might be offering xats, days and/or powers for free, as long as you click on the link and enter your e-mail address and password into the text box provided. That is definitely a red flag. Under NO circumstances should you ever click on the link, nor should you enter your e-mail address and password, regardless of whether or not you think it is free. Just by clicking on the link itself, the criminal may already have your IP address.

NOTE: If you come across a page that asks you for the password that's associated with your e-mail address (not your account), it's a phishing website. xat will NEVER ask you for that under any circumstances. Also, do NOT use the same password for any other e-mail addresses or accounts you may have, even if it has nothing to do with xat. You're only increasing your chances of other accounts you have getting compromised.

Besides creating a duplicate page, there is also another way that criminals are using to steal personally identifiable information from users. What they're doing is either asking users for their flash shared object file, or asking users to download a third party program on their computer called ".sol Editor" and wanting users to provide them the "Value" that's located above the category "Number." Under NO circumstances should you provide them the value that's associated with your account. Giving them the value is just like giving them the password and you will end up being phished.

Kako da se zaštitim?

In order to prevent yourself from getting phished by a criminal, we highly recommend you follow these precautionary steps:

Step 1: When you are logging into your account, ALWAYS make sure that you are on xat's registered user account management page. You can find out if you are on the correct page by looking at the URL bar, which is located at the top-left corner of your web browser. If the link shows https://xat.com/web_gear/chat/register.php, you are on the correct page. If it shows anything other than the link provided, do NOT enter your e-mail address, username or password on that page. Leave the page immediately, and report the phishing website by submitting a ticket under the category "Report Phishing Site." You do not need to be a paid user to submit a ticket in this department.

Step 2: When you are logging into your account, you have the option of either entering the e-mail address that is associated with your account, or your registered username. When it comes to entering your password, ALWAYS make sure it is the password that is associated with your account, and not your e-mail address. xat will NEVER ask you for the password that is associated with your e-mail address under any circumstances. In order to ensure your account is fully protected, use a password that is not the same password as your e-mail address. Also, make sure your password is alphanumeric, which consists of both letters and numbers (but not symbols). Make sure that your password is not easily guessable. As long as it contains at least 10 characters (or more), you will be fine. Do not make your password too long or you might forget it. We highly recommend you avoid using patterns or words in your password, and to always change your password on a monthly basis. It's better to be safe than sorry.

Step 3: When it comes to fully protecting your account, we highly recommend that you enable xat's account security features: Account Protection, Account Locking and Account Authentication. For more information on any of these account security features, click the respective links.

Šta da radim ako mislim da sam fišovan?

If you suspect that an unauthorized user may have compromised your account, do NOT panic. It will only make the situation much worse than it needs to be. The first thing you need to do is change the password to not only your account, but your e-mail address as well, for extra security measures. Also, if you remember the link of the phishing website you were on, report the phishing website as soon as possible by submitting a ticket under the category "Report Phishing Site" and provide as much sufficient proof about the occurrence as you can, such as the date and time of when you went on the phishing website and the date and time of when you got phished. The sooner you report the phishing website, the faster the phishing website will be shut down.

Under NO circumstances should you EVER log into another user's account, even if you've been granted permission to. You will be in direct violation of xat's Terms of Service. Failure to comply with xat's terms of service will result in your account being torched and/or deleted.