Phishing/es: Difference between revisions

From xat wiki
No edit summary
No edit summary
Line 11: Line 11:
Se inicia con una persona tratando de timarte (phishing) haciendo una página web que se parece a la página de login/acceso del sitio web que está intentando utilizar. A continuación, el pisher (timador) aparece de una forma creativa para que usted haga clic en el enlace de su página. Un ejemplo puede ser ofreciendo xats, days, y/o powers gratis, siempre y cuando hagas clic en el link e introduzcas tu correo electrónico y contraseña en los recuadros de textos que se te proveerán. Esto definitivamente es una{{Color|#FF0000|'''alarta roja'''}}. Bajo ninguna circunstancia, debes de dar clic en el link, o entrar tu correo y contraseña, independientemente si esto es gratuito. Solo con dar clic en el link en si, el timador puede obtener tu dirección IP.
Se inicia con una persona tratando de timarte (phishing) haciendo una página web que se parece a la página de login/acceso del sitio web que está intentando utilizar. A continuación, el pisher (timador) aparece de una forma creativa para que usted haga clic en el enlace de su página. Un ejemplo puede ser ofreciendo xats, days, y/o powers gratis, siempre y cuando hagas clic en el link e introduzcas tu correo electrónico y contraseña en los recuadros de textos que se te proveerán. Esto definitivamente es una{{Color|#FF0000|'''alarta roja'''}}. Bajo ninguna circunstancia, debes de dar clic en el link, o entrar tu correo y contraseña, independientemente si esto es gratuito. Solo con dar clic en el link en si, el timador puede obtener tu dirección IP.


'''NOTE:''' If you come across a page that asks you for the password that's associated with your e-mail address (not your account), it's a phishing website. xat will NEVER ask you for that under any circumstances. Also, do NOT use the same password for any other e-mail addresses or accounts you may have, even if it has nothing to do with xat. You're only increasing your chances of everything else getting compromised.
'''IMPORTANTE:''' Si llegas a una página que te pregunte por la contraseña que esta asociada a tu dirección de E-mail (no tu cuenta de xat), es un website de pishing. xat NUNCA te pedirá esta información bajo ninguna circunstancia. De paso, NO uses la misma contraseña para ningún otro correo electrónico que tengas u otras cuentas que tengas, aunque no tengan que ver con xat. Sólo estarías incrementando la posibilidad de que todo este comprometido.


Besides creating a duplicate page, there is also another way that criminals are doing to steal personally identifiable information from users. What they're doing is either asking users for their flash shared object file or asking users to download a third party program on their computer called ".sol Editor" and want users to provide them the "Value" that's located above the category "Number." Under any circumstances, do NOT provide them the value that's associated with your account. Giving them the value is just like giving them the password and you will end up being phished.
Besides creating a duplicate page, there is also another way that criminals are doing to steal personally identifiable information from users. What they're doing is either asking users for their flash shared object file or asking users to download a third party program on their computer called ".sol Editor" and want users to provide them the "Value" that's located above the category "Number." Under any circumstances, do NOT provide them the value that's associated with your account. Giving them the value is just like giving them the password and you will end up being phished.

Revision as of 03:04, 30 November 2015

¿Alguna vez te ha pasado que haces login en tu cuenta, para encontrar que te faltan algunos xats, days o powers? ¿Sospechas que algún usuario no-autorizado ha intentado comprometer tu cuenta, y lo ha logrado? Puede que hayas sido victima de lo que llamamos "pishing".

¿Qué es Phishing?

El phishing es una trampa utilizada por los delincuentes para robar su correo electrónico y contraseña. No se trata de una falla de "seguridad", ni usted está siendo "hackeado". Puedes prevenirlo fácilmente si sabes lo que se debe hacer. Usted probablemente ha sido advertido por su banco en línea acerca de los sitios web de phishing/timos, pero la mayoría de las personas no piensan ni se preocupan por la suplantación de identidad al usar su cuenta xat. Los timadores están tratando de robar tu correo electrónico, contraseña, xats, days, powers y más que nada, tu identidad.

¿Cómo funciona la Estafa?

Se inicia con una persona tratando de timarte (phishing) haciendo una página web que se parece a la página de login/acceso del sitio web que está intentando utilizar. A continuación, el pisher (timador) aparece de una forma creativa para que usted haga clic en el enlace de su página. Un ejemplo puede ser ofreciendo xats, days, y/o powers gratis, siempre y cuando hagas clic en el link e introduzcas tu correo electrónico y contraseña en los recuadros de textos que se te proveerán. Esto definitivamente es unaalarta roja. Bajo ninguna circunstancia, debes de dar clic en el link, o entrar tu correo y contraseña, independientemente si esto es gratuito. Solo con dar clic en el link en si, el timador puede obtener tu dirección IP.

IMPORTANTE: Si llegas a una página que te pregunte por la contraseña que esta asociada a tu dirección de E-mail (no tu cuenta de xat), es un website de pishing. xat NUNCA te pedirá esta información bajo ninguna circunstancia. De paso, NO uses la misma contraseña para ningún otro correo electrónico que tengas u otras cuentas que tengas, aunque no tengan que ver con xat. Sólo estarías incrementando la posibilidad de que todo este comprometido.

Besides creating a duplicate page, there is also another way that criminals are doing to steal personally identifiable information from users. What they're doing is either asking users for their flash shared object file or asking users to download a third party program on their computer called ".sol Editor" and want users to provide them the "Value" that's located above the category "Number." Under any circumstances, do NOT provide them the value that's associated with your account. Giving them the value is just like giving them the password and you will end up being phished.

¿Cómo puedo protegerme?

In order to prevent yourself from getting phished by a criminal, we highly recommend you follow these precautionary steps:

Step #01: When you're logging into your account, ALWAYS make sure you're on xat's registered user account management page. You can find out if you're on the correct page by looking at the URL bar, which is located at the top-left corner of your web browser. If the link shows http://xat.com/web_gear/chat/register.php, you're on the correct page. If it shows anything other than the link provided, do NOT enter your e-mail address or registered username and password on that page. Leave the page immediately and report the phishing website by submitting a ticket under the category "Report Phishing Site." You do not need to be a paid user to submit a ticket under this category.

Step #02: When you're logging into your account, you have the option of either entering the e-mail address that's associated with your account or your registered username. When it comes to entering your password, ALWAYS make sure it's the password that's associated with your account and not your e-mail address. xat will NEVER ask you for the password that's associated with your e-mail address under any circumstances. In order to ensure your account is fully protected, use a password that isn't the same password as your e-mail address. Also, make sure your password is alphanumeric, which consists of both letters and numbers (but not symbols) and make it so it's easy for you to figure out, but hard for a criminal to figure out. As long as it contains at least 10 characters (or more), you'll be all set. Don't make your password too long or you might forget it. We highly recommend you avoid using patterns or words in your password and always change your password on a monthly basis. It's better to be safe than sorry.

Step #03: When it comes to fully protecting your account, we highly recommend you enable the following features: account protection, account locking and account authentication. For more information regarding account protection, click here. For more information regarding account locking, click here. For more information regarding account authentication, click here.

¿Qué debo hacer si creo que he sido timado?

If you suspect that an unauthorized user may have compromised your account, do NOT panic. It will only make the situation much worse than it needs to be. The first thing you need to do is change the password to not only your account, but your e-mail address as well, for extra security measures. Also, if you remember the link of the phishing website you were on, report the phishing website as soon as possible by submitting a ticket under the category "Report Phishing Site" and provide as much sufficient information as you can, such as the date and time of when you went on the phishing website and the date and time of when you got phished. The sooner you report the phishing website, the quicker it will take to have the phishing website shut down. Under any circumstances, you should NEVER log into another user's account, even if you've been granted permission to. You will be in direct violation of xat's terms of service. Failure to comply with xat's terms of service will result in your account being torched and/or deleted.