Phishing/de: Difference between revisions

From xat wiki
(Updating to match new version of source page)
(Updating to match new version of source page)
Line 1: Line 1:
{{shortcut}}<languages/>
{{shortcut}}<languages/>
<div style="float:right; margin: 15px 0 0 15px">__TOC__</div>
<div style="float:right; margin: 15px 0 0 15px">__TOC__</div>
Haben Sie jemals von jemanden gehört, der seine xats verloren hat oder dessen Konto übernommen wurde. Es ist wahrscheinlich, da dieser "Phished" wurde.
Have you ever been in a situation where you log into your account, only to find out that some of your xats, days and/or powers are missing? Do you suspect that an unauthorized user may have attempted to compromise your account and succeeded? You might be a victim of what we call "phishing."


===Was ist Phishing?===
===Was ist Phishing?===


Phishing ist ein Trick welcher von Kriminellen benutzt wird um Ihre E-Mail Account und Passwort zu stehlen. Dies ist keine "Sicherheitslücke" und Sie werden nicht "gehackt". Es ist durchaus vermeidbar, indem Sie wissen worauf Sie achten müssen. Sie wurden wahrscheinlich bereits von Ihrer Bank vor Phising gewarnt wurden aber viele Benutzer denken nicht über Phishing bei Benutzung Ihres xats Konto. Auf xat werden die Phisher versuchen, Ihre xats, Ihre Tage, Ihre Powers, Ihre Identität und Ihr E-Mail-Konto zu stehlen.
Phishing is a trick used by criminals to steal personally identifiable information, such as your e-mail address and password for example. It is not a security flaw and you are not getting hacked. As long as you know what to look for, you can prevent yourself from being phished. You've probably been warned before by your online bank about phishing websites, but most users don't think or worry about being phished when using their "xat" account. On xat, there are criminals who want to steal your e-mail address, password, xats, days, powers and most of all, your identity.


===Wie funktioniert dieser Betrug?===
===Wie funktioniert dieser Betrug?===
Line 17: Line 17:
===Wie kann ich mich selber schützen?===
===Wie kann ich mich selber schützen?===


To make sure you don't get phished, you have to understand exactly how it works. When you click on a link in a chat box it may show the image below as a header to warn you not to enter your xat password on this new website.
In order to prevent yourself from getting phished by a criminal, we highly recommend you follow these precautionary steps:


[[Image:Phish.png]]
'''Step #01:''' When you're logging into your account, ALWAYS make sure you're on xat's registered user account management [http://xat.com/web_gear/chat/register.php page]. You can find out if you're on the correct page by looking at the URL bar, which is located at the top-left corner of your web browser. If the link shows '''http://xat.com/web_gear/chat/register.php''', you're on the correct page. If it shows anything other than the link provided, do NOT enter your e-mail address or registered username and password on that page. Leave the page immediately and report the phishing website by submitting a [http://util.xat.com/support/open.php ticket] under the category "Report Phishing Site." You do not need to be a paid user to submit a ticket under this category.


Please do not always rely on this warning showing, as the linkvalidator system is not perfect. We place every effort into making the system as effective as it can be.  
'''Step #02:''' When you're logging into your account, you have the option of either entering the e-mail address that's associated with your account or your registered username. When it comes to entering your password, ALWAYS make sure it's the password that's associated with your account and not your e-mail address. xat will NEVER ask you for the password that's associated with your e-mail address under any circumstances. In order to ensure your account is fully protected, use a password that isn't the same password as your e-mail address. Also, make sure your password is alphanumeric, which consists of both letters and numbers (but not symbols) and make it so it's easy for you to figure out, but hard for a criminal to figure out. As long as it contains at least 10 characters (or more), you'll be all set. Don't make your password too long or you might forget it. We highly recommend you avoid using patterns or words in your password and always change your password on a monthly basis. It's better to be safe than sorry.


====Make sure you only enter your username and password on xat.com====
'''Step #03:''' When it comes to fully protecting your account, we highly recommend you enable the following features: account protection, account locking and account authentication. For more information regarding account protection, click [http://util.xat.com/wiki/index.php?title=Account_Protection#xat_Account_Protection here]. For more information regarding account locking, click [http://util.xat.com/wiki/index.php?title=Account_Protection#Account_Locking here]. For more information regarding account authentication, click [http://util.xat.com/wiki/index.php?title=Authentication here].
There is only one easy way to know that you are at the real login page. That's by looking at your browser's address bar, the place you view or type in the URL of the website you want to visit. By looking there, you'll know what website you are actually on at the moment. For xat, the only page you should login to is "xat.com" or "m.xat.com". You may think you know exactly what the xat login page looks like and that someone could not trick you into typing your info into a fake page, but it is very easy to fall for this! It's also very easy for anyone to make an exact copy of the xat login page, or the login page of any website you use.
 
====Your email password is only to log in to your email====
xat will never ask you for your email password. Only use your email password to log in to your email. If a login page asks you for your email password it is not a xat page, it is a phishing page.
 
====Turn on account locking====
Account locking will increase the security of your account. See [[AccountLocking]] for details. Note that this is not a substitute being cautious to avoiding being phished (see above).
 
====Use different passwords for different accounts====
You should NEVER use the same password on your email account or xat account as you use for your login to ANY other site. If someone managed to phish your password on their site, they would have control of your email as well. Often this means they can access all your accounts on every site you use and it's more difficult to regain control of them again. If your email password is used on other sites, including xat.com, you should change it right away. If your email account has been phished you should contact your email provider for assistance.
 
====Use strong passwords====
To make a strong password that cannot easily be guessed, combine letters and numbers into a lengthy password of at least 8 characters, though 14 characters is ideal. Avoid using your name, username, birthday, repeated characters, and common words in your password.
 
====Giving personal information====
Don't share your password with anybody else, regardless of how much you trust them. They could take over your account, or they could fall for a phishing scam using your account information. Also, do not give your register link to someone else (link looks like http://xat.com/web_gear/chat/register.php?UserId=123456&k2=123456). Do not share anything odd with another user including cookies or web page source. If a user asks you for data from your PC they are almost certainly trying to steal your account.
 
====Change your passwords regularly====
It is recommended you change your passwords regularly, at least once a month.


===Was kann ich machen, wenn ich denke ich wurde Phished?===
===Was kann ich machen, wenn ich denke ich wurde Phished?===


If you think your account has been phished, immediately change your password for your xat account, and your password for your email account. Use the forgotten password feature on xat if you can't login. Changing your passwords will keep out the phisher. For other problems please contact us by ticket at http://xat.com/ticket with "xat I may have been phished" as the subject of the message.
If you suspect that an unauthorized user may have compromised your account, do NOT panic. It will only make the situation much worse than it needs to be. The first thing you need to do is change the password to not only your account, but your e-mail address as well, for extra security measures. Also, if you remember the link of the phishing website you were on, report the phishing website as soon as possible by submitting a [http://util.xat.com/support/open.php ticket] under the category "Report Phishing Site" and provide as much sufficient information as you can, such as the date and time of when you went on the phishing website and the date and time of when you got phished. The sooner you report the phishing website, the quicker it will take to have the phishing website shut down. Under any circumstances, you should NEVER log into another user's account, even if you've been granted permission to. You will be in direct violation of xat's terms of service. Failure to comply with xat's terms of service will result in your account being torched and/or deleted.
 
 
== Logging into other users' accounts ==
 
Under '''no''' circumstances should you ever log in to someone else's account. This is a direct violation of xat.com's terms of service and discovery of this may lead to your own accounts being deleted. If another user needs help they should open a ticket.
 
===Wie kann ich Phishing Seiten melden?===
 
Gehen Sie zu http://xat.com/ticket und melden Sie die Webseite, wählen Sie "Report Phishing Site" aus, die Abteilung und Xat werden entsprechende Maßnahmen ergreifen.
 
===Sie denken, Sie sind ein Pro in Sache Schutz vor Betrügerei?===
 
Wenn Sie der Meinung sind, dass Sie jetzt auf Phishing erzogen sind, wieso beweisen Sie es nicht? Testen Sie Ihr wissen, nehmen Sie an [http://util.xat.com/quiz/ xat Phishing Quiz] teil.




[[Category:Security]]
[[Category:Security]]

Revision as of 22:33, 29 November 2015

Have you ever been in a situation where you log into your account, only to find out that some of your xats, days and/or powers are missing? Do you suspect that an unauthorized user may have attempted to compromise your account and succeeded? You might be a victim of what we call "phishing."

Was ist Phishing?

Phishing is a trick used by criminals to steal personally identifiable information, such as your e-mail address and password for example. It is not a security flaw and you are not getting hacked. As long as you know what to look for, you can prevent yourself from being phished. You've probably been warned before by your online bank about phishing websites, but most users don't think or worry about being phished when using their "xat" account. On xat, there are criminals who want to steal your e-mail address, password, xats, days, powers and most of all, your identity.

Wie funktioniert dieser Betrug?

A criminal will start off by creating a page that looks exactly the same as xat's registered user account management page. Then, the criminal will create a link (which will redirect to the page) and come up with a convincing way to lure a user into clicking on the link. An example might be offering xats, days and/or powers for free, as long as you click on the link and enter your e-mail address and password into the text box provided. That is definitely a red flag. Under any circumstances, you should NEVER click on the link, nor should you enter your e-mail address and password, regardless of whether it's free. Just by clicking on the link itself, the criminal may already have your IP address.

NOTE: If you come across a page that asks you for the password that's associated with your e-mail address (not your account), it's a phishing website. xat will NEVER ask you for that under any circumstances. Also, do NOT use the same password for any other e-mail addresses or accounts you may have, even if it has nothing to do with xat. You're only increasing your chances of everything else getting compromised.

Besides creating a duplicate page, there is also another way that criminals are doing to steal personally identifiable information from users. What they're doing is either asking users for their flash shared object file or asking users to download a third party program on their computer called ".sol Editor" and want users to provide them the "Value" that's located above the category "Number." Under any circumstances, do NOT provide them the value that's associated with your account. Giving them the value is just like giving them the password and you will end up being phished.

Wie kann ich mich selber schützen?

In order to prevent yourself from getting phished by a criminal, we highly recommend you follow these precautionary steps:

Step #01: When you're logging into your account, ALWAYS make sure you're on xat's registered user account management page. You can find out if you're on the correct page by looking at the URL bar, which is located at the top-left corner of your web browser. If the link shows http://xat.com/web_gear/chat/register.php, you're on the correct page. If it shows anything other than the link provided, do NOT enter your e-mail address or registered username and password on that page. Leave the page immediately and report the phishing website by submitting a ticket under the category "Report Phishing Site." You do not need to be a paid user to submit a ticket under this category.

Step #02: When you're logging into your account, you have the option of either entering the e-mail address that's associated with your account or your registered username. When it comes to entering your password, ALWAYS make sure it's the password that's associated with your account and not your e-mail address. xat will NEVER ask you for the password that's associated with your e-mail address under any circumstances. In order to ensure your account is fully protected, use a password that isn't the same password as your e-mail address. Also, make sure your password is alphanumeric, which consists of both letters and numbers (but not symbols) and make it so it's easy for you to figure out, but hard for a criminal to figure out. As long as it contains at least 10 characters (or more), you'll be all set. Don't make your password too long or you might forget it. We highly recommend you avoid using patterns or words in your password and always change your password on a monthly basis. It's better to be safe than sorry.

Step #03: When it comes to fully protecting your account, we highly recommend you enable the following features: account protection, account locking and account authentication. For more information regarding account protection, click here. For more information regarding account locking, click here. For more information regarding account authentication, click here.

Was kann ich machen, wenn ich denke ich wurde Phished?

If you suspect that an unauthorized user may have compromised your account, do NOT panic. It will only make the situation much worse than it needs to be. The first thing you need to do is change the password to not only your account, but your e-mail address as well, for extra security measures. Also, if you remember the link of the phishing website you were on, report the phishing website as soon as possible by submitting a ticket under the category "Report Phishing Site" and provide as much sufficient information as you can, such as the date and time of when you went on the phishing website and the date and time of when you got phished. The sooner you report the phishing website, the quicker it will take to have the phishing website shut down. Under any circumstances, you should NEVER log into another user's account, even if you've been granted permission to. You will be in direct violation of xat's terms of service. Failure to comply with xat's terms of service will result in your account being torched and/or deleted.