Phishing/fr: Difference between revisions

From xat wiki
(Updating to match new version of source page)
(Updating to match new version of source page)
Line 1: Line 1:
{{shortcut}}<languages/>
{{shortcut}}<languages/>
<div style="float:right; margin: 15px 0 0 15px">__TOC__</div>
<div style="float:right; margin: 15px 0 0 15px">__TOC__</div>
Avez-vous déjà entendu de personnes ayant perdu leurs xats, ou s'étant fait volé leur compte? Ces gens là ont probablement été victime d'Hameçonnage.
Have you ever been in a situation where you log into your account, only to find out that some of your xats, days and/or powers are missing? Do you suspect that an unauthorized user may have attempted to compromise your account and succeeded? You might be a victim of what we call "phishing."


===Qu'est ce que l'Hameçonnage?===
===Qu'est ce que l'Hameçonnage?===


L'hameçonnage est une technique utilisée par les pirates du web pour vous voler votre email et vote mot de passe. Ce n'est toutefois pas une faille de sécurité, and vous ne vous faites pas "hacker" à proprement parlé. Il est possible de se prévenir contre ce risque si vous savez quoi faire en cas de danger. Vous avez probablement déjà été averti par votre banque en ligne à propos des sites de hameçonnage mais la plupart des gens n'y pensent pas lorsqu'ils utilisent leur compte xat. Sur xat, les hameçonneurs tentent de voler vos xats, vos days, vos pouvoirs, voire même votre identité et votre compte mail.
Phishing is a trick used by criminals to steal personally identifiable information, such as your e-mail address and password for example. It is not a security flaw and you are not getting hacked. As long as you know what to look for, you can prevent yourself from being phished. You've probably been warned before by your online bank about phishing websites, but most users don't think or worry about being phished when using their "xat" account. On xat, there are criminals who want to steal your e-mail address, password, xats, days, powers and most of all, your identity.


===Comment l'arnaque se passe-t-elle?===
===Comment l'arnaque se passe-t-elle?===
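Review bot: the new side of the introduction and of the paragraph under "Qu'est ce que l'Hameçonnage?" replaces the French text with English on a page titled Phishing/fr, while the section headings stay in French. Readers of the French page lose the translated definition of phishing; carry the existing French wording forward and update only the sentences that changed in the source page.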
Line 11: Line 11:
A criminal will start off by creating a page that looks exactly the same as xat's registered user account management page. Then, the criminal will create a link (which will redirect to the page) and come up with a convincing way to lure a user into clicking on the link. An example might be offering xats, days and/or powers for free, as long as you click on the link and enter your e-mail address and password into the text box provided. That is definitely a {{Color|#FF0000|'''red flag'''}}. Under any circumstances, you should NEVER click on the link, nor should you enter your e-mail address and password, regardless of whether it's free. Just by clicking on the link itself, the criminal may already have your IP address.
A criminal will start off by creating a page that looks exactly the same as xat's registered user account management page. Then, the criminal will create a link (which will redirect to the page) and come up with a convincing way to lure a user into clicking on the link. An example might be offering xats, days and/or powers for free, as long as you click on the link and enter your e-mail address and password into the text box provided. That is definitely a {{Color|#FF0000|'''red flag'''}}. Under any circumstances, you should NEVER click on the link, nor should you enter your e-mail address and password, regardless of whether it's free. Just by clicking on the link itself, the criminal may already have your IP address.


IMPORTANT: Si une page vous demande le mot de passe de votre email; C'EST UNE PAGE D’HAMEÇONNAGE. xat ne vous demandera JAMAIS le mot de passe de votre email.
'''NOTE:''' If you come across a page that asks you for the password that's associated with your e-mail address (not your account), it's a phishing website. xat will NEVER ask you for that under any circumstances. Also, do NOT use the same password for any other e-mail addresses or accounts you may have, even if it has nothing to do with xat. You're only increasing your chances of everything else getting compromised.


Certains arnaqueurs vous demanderont de leur donner un fichier .sol provenant de votre ordinateur ou de télécharger un éditeur sol puis de leur donner les différents nombres, et cela en vous promettant que vous pourrez être propriétaire d'un chat, ou être inbannissable. Ces nombres sont vos codes de passe et ils doivent restés secret. Un arnaqueur muni de ces nombres peut vous hameçonner. Nous vous conseillons donc de ne JAMAIS donner des fichiers secrets ou vos mots de passe à n'importe qui d'autre que vous même.
Besides creating a duplicate page, there is also another way that criminals are doing to steal personally identifiable information from users. What they're doing is either asking users for their flash shared object file or asking users to download a third party program on their computer called ".sol Editor" and want users to provide them the "Value" that's located above the category "Number." Under any circumstances, do NOT provide them the value that's associated with your account. Giving them the value is just like giving them the password and you will end up being phished.


===Comment puis-je me protéger?===
===Comment puis-je me protéger?===


Pour être sûr que vous ne vous êtes pas fait hameçonné, vous devez comprendre parfaitement comment ça marche. Quand vous cliquez sur un lien sur un chat, vous verrez surement la page ci-dessous en haut de page du site donné et cela pour vous prévenir de ne pas donner votre mot de passe de xat sur ce site.
In order to prevent yourself from getting phished by a criminal, we highly recommend you follow these precautionary steps:


[[Image:Phish.png]]
'''Step #01:''' When you're logging into your account, ALWAYS make sure you're on xat's registered user account management [http://xat.com/web_gear/chat/register.php page]. You can find out if you're on the correct page by looking at the URL bar, which is located at the top-left corner of your web browser. If the link shows '''http://xat.com/web_gear/chat/register.php''', you're on the correct page. If it shows anything other than the link provided, do NOT enter your e-mail address or registered username and password on that page. Leave the page immediately and report the phishing website by submitting a [http://util.xat.com/support/open.php ticket] under the category "Report Phishing Site." You do not need to be a paid user to submit a ticket under this category.


Ne comptez toutefois pas sur cet avertissement, car l'image peut ne pas apparaître. Nous faisons tous les jours tous nos efforts pour rendre ce système le plus efficace possible.  
'''Step #02:''' When you're logging into your account, you have the option of either entering the e-mail address that's associated with your account or your registered username. When it comes to entering your password, ALWAYS make sure it's the password that's associated with your account and not your e-mail address. xat will NEVER ask you for the password that's associated with your e-mail address under any circumstances. In order to ensure your account is fully protected, use a password that isn't the same password as your e-mail address. Also, make sure your password is alphanumeric, which consists of both letters and numbers (but not symbols) and make it so it's easy for you to figure out, but hard for a criminal to figure out. As long as it contains at least 10 characters (or more), you'll be all set. Don't make your password too long or you might forget it. We highly recommend you avoid using patterns or words in your password and always change your password on a monthly basis. It's better to be safe than sorry.


====Assurez vous d'Entrer Uniquement votre nom d'utilisateur et vote mot de passe sur xat.com====
'''Step #03:''' When it comes to fully protecting your account, we highly recommend you enable the following features: account protection, account locking and account authentication. For more information regarding account protection, click [http://util.xat.com/wiki/index.php?title=Account_Protection#xat_Account_Protection here]. For more information regarding account locking, click [http://util.xat.com/wiki/index.php?title=Account_Protection#Account_Locking here]. For more information regarding account authentication, click [http://util.xat.com/wiki/index.php?title=Authentication here].
Il n'existe qu'un seul bon moyen de savoir si vous êtes sur la véritable page de connexion de xat. Et c'est simplement de regarder le barre d'adresse url de votre navigateur, l'endroit où vous tapez l'adresse URL du site que vous voulez visiter. En regardant ici, vous saurez sur quel site vous êtes en ce moment. Pour xat, les seules pages sur lesquelles vous pouvez vous connecter sont "xat.com" et "m.xat.com". Vous pensez par moment que vous savez exactement à quoi la page de connexion de xat ressemble et que personne ne peut vous piéger en vous faisant taper vos identifiants dans une fausse page, mais c'est très facile de tomber dans ce genre de piège! Tout comme c'est facile pour n'importe qui de copier la page de connexion de xat, ou la page de connexion de n'importe quel site que vous utilisez.
 
====Le mot de passe de votre email sert uniquement à vous connecter à votre email====
xat ne demandera jamais le mot de passe de votre email. Utilisez le mot de passe de votre email uniquement pour vous connecter à votre email. Si une page de connection vous demander le mot de passe de votre email, ce n'est pas une page xat, c'est une page de hameçonnage.
 
====Activer le verrouillage du compte====
Voir la page [[AccountLocinkg]] pour plus de détails. Notez que ce n'est pas un substitue pour ne pas être hameçonné (regardez l'article).
 
====Utilisez des mots de passe Différents pour des Comptes différents====
Vous devriez ne JAMAIS utiliser le même mot de passe que celui de votre email ou que de votre compte xat pour vous connecter à N'IMPORTE QUEL autre site. Si quelqu'un arrive à hameçonner votre mot de passe sur votre site, il pourra également avoir le contrôle de votre email. Ce qui signifie bien souvent qu'ils pourront accéder à tous vos comptes sur chaque site que vous utilisez et c'est difficile de regagner le contrôle de ces comptes. Si le mot de passe de votre email est utilisé pour d'autres sites, incluant xat.com, nous vous conseillons de la changer sur le champ. Si votre email a été hameçonné, veuillez contacter votre service mail pour obtenir de l'aide.
 
====Utilisez des mots de passe compliqués====
Pour faire un mot de passe fort qui ne peut pas être trouvé facilement, combinez des lettres, des chiffres, et des symboles dans un interminable mot de passe d'au moins 8 caractères, en sachant que 14 est l'idéal. Évitez d'utiliser votre nom, votre nom d'utilisateur, votre date de naissance, des caractères répétés et des noms communs dans votre mot de passe.
 
====Donner des informations personnelles====
Ne donnez à personne votre mot de passe, même si vous lui faites 100% confiance, ils peuvent voler votre compte ou faire un site de hameçonnage en utilisant les identifiants de votre compte. Assurez-vous également de ne pas donner votre lien d'enregistrement à personne (
liens ressemblant à cela http://xat.com/web_gear/chat/register.php?UserId=123456&k2=123456 ). Ne partagez rien de particulier avec personne, ce qui inclue les cookies ou les codes sources des pages internet. Si un utilisateur vous demande de lui donner la date de votre ordinateur, il est certainement en train d'essayer de voler votre compte.
 
====Changez de mot de passe régulièrement====
Il est recommandé de le faire au moins une fois par mois.


===Que faire si je pense avoir été victime d'hameçonnage?===
===Que faire si je pense avoir été victime d'hameçonnage?===


Si vous pensez que votre compte a été hameçonné, changez les mots de passe de votre compte xat et de votre email. Utilisez la fonction Mot de passe oublié de xat si vous ne pouvez pas vous connecter. Cela bloque l'arnaqueur, aussi simplement que cela. Pour d'autres problèmes, veuillez nous contacter en utilisant le système de ticket sur http://xat.com/ticket avec "xat I may have been phished" comme sujet du message.
If you suspect that an unauthorized user may have compromised your account, do NOT panic. It will only make the situation much worse than it needs to be. The first thing you need to do is change the password to not only your account, but your e-mail address as well, for extra security measures. Also, if you remember the link of the phishing website you were on, report the phishing website as soon as possible by submitting a [http://util.xat.com/support/open.php ticket] under the category "Report Phishing Site" and provide as much sufficient information as you can, such as the date and time of when you went on the phishing website and the date and time of when you got phished. The sooner you report the phishing website, the quicker it will take to have the phishing website shut down. Under any circumstances, you should NEVER log into another user's account, even if you've been granted permission to. You will be in direct violation of xat's terms of service. Failure to comply with xat's terms of service will result in your account being torched and/or deleted.
 
 
== Se connecter sur le compte d'une autre personne ==
 
Vous ne devez vous AUCUNE circonstances vous connecter sur le compte de quelqu'un d'autre. C'est une violation direct des CGU de xat qui peut se conclure par une suppression pure et simple de votre propre compte. Si quelqu'un a besoin d'aide sur son compte, il doit ouvrir un ticket.
 
===Comment puis-je signaler des sites suspects d'Hameçonnage?===
 
Rendez-vous sur http://xat.com/ticket et signalez le site au département "Report Phishing Site", xat prendra les mesures nécessaires.
 
===Vous pensez être devenu un pro dans l'art d'éviter l'hameçonnage?===
 
Si vous pensez que vous êtes maintenant averti à propos de l'hameçonnage, pourquoi ne pas le prouver? Pour tester vos connaissances, faites ce [http://util.xat.com/quiz/ Quiz] maintenant.




[[Category:Security]]
[[Category:Security]]
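Review bot: Step #02 on the new side tells users to choose an alphanumeric password "but not symbols" and adds "Don't make your password too long", whereas the removed section "Utilisez des mots de passe compliqués" recommended letters, digits and symbols with at least 8 characters and 14 as the ideal. That narrows the password space, so keep the symbol and length advice. The replacement also has no counterpart for the removed warning against sharing registration links (the register.php?UserId=…&k2=… form) and cookies, for the mention of m.xat.com as a valid login host, or for the quiz section; restore those or confirm they were dropped from the source page. The body text on this side is also English on the /fr page while the headings remain French.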

Revision as of 22:36, 29 November 2015

Have you ever been in a situation where you log into your account, only to find out that some of your xats, days and/or powers are missing? Do you suspect that an unauthorized user may have attempted to compromise your account and succeeded? You might be a victim of what we call "phishing."

What is phishing?

Phishing is a trick used by criminals to steal personally identifiable information, such as your e-mail address and password. It is not a security flaw and you are not getting hacked. As long as you know what to look for, you can prevent yourself from being phished. You've probably been warned before by your online bank about phishing websites, but most users don't think or worry about being phished when using their "xat" account. On xat, there are criminals who want to steal your e-mail address, password, xats, days, powers and most of all, your identity.

How does the scam work?

A criminal will start off by creating a page that looks exactly the same as xat's registered user account management page. Then, the criminal will create a link (which will redirect to the page) and come up with a convincing way to lure a user into clicking on the link. An example might be offering xats, days and/or powers for free, as long as you click on the link and enter your e-mail address and password into the text box provided. That is definitely a red flag. Under no circumstances should you click on the link or enter your e-mail address and password, regardless of whether the offer is free. Just by clicking on the link itself, the criminal may already have your IP address.

NOTE: If you come across a page that asks you for the password that's associated with your e-mail address (not your account), it's a phishing website. xat will NEVER ask you for that under any circumstances. Also, do NOT use the same password for any other e-mail addresses or accounts you may have, even if it has nothing to do with xat. You're only increasing your chances of everything else getting compromised.

Besides creating a duplicate page, criminals have another way to steal personally identifiable information from users. They either ask users for their flash shared object file, or ask users to download a third party program called ".sol Editor" and provide the "Value" that's located above the category "Number." Under no circumstances should you provide them the value that's associated with your account. Giving them the value is just like giving them the password and you will end up being phished.

How can I protect myself?

In order to prevent yourself from getting phished by a criminal, we highly recommend you follow these precautionary steps:

Step #01: When you're logging into your account, ALWAYS make sure you're on xat's registered user account management page. You can find out if you're on the correct page by looking at the URL bar, which is located at the top-left corner of your web browser. If the link shows http://xat.com/web_gear/chat/register.php, you're on the correct page. If it shows anything other than the link provided, do NOT enter your e-mail address or registered username and password on that page. Leave the page immediately and report the phishing website by submitting a ticket under the category "Report Phishing Site." You do not need to be a paid user to submit a ticket under this category.

Step #02: When you're logging into your account, you have the option of entering either the e-mail address that's associated with your account or your registered username. When it comes to entering your password, ALWAYS make sure it's the password that's associated with your account and not your e-mail address. xat will NEVER ask you for the password that's associated with your e-mail address under any circumstances. To ensure your account is fully protected, use a password that isn't the same as the password for your e-mail address. Also, make sure your password is alphanumeric, that is, made up of both letters and numbers (but not symbols), and make it easy for you to remember but hard for a criminal to figure out. As long as it contains at least 10 characters, you'll be all set. Don't make your password too long or you might forget it. We highly recommend you avoid using patterns or words in your password and always change your password on a monthly basis. It's better to be safe than sorry.

Step #03: When it comes to fully protecting your account, we highly recommend you enable the following features: account protection, account locking and account authentication. For more information regarding account protection, click here. For more information regarding account locking, click here. For more information regarding account authentication, click here.
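The URL check from Step #01, written out as code. This is an added example, not part of the xat wiki page; it assumes `https:` is acceptable alongside the `http:` link shown above, and the sample URLs (including the placeholder domain `phish.example`) are constructed for illustration.

```javascript
// Added example: decide whether a URL is the login page named in Step #01.
// The host must match exactly; a page that merely contains "xat.com" fails.
const EXPECTED_HOST = "xat.com";
const EXPECTED_PATH = "/web_gear/chat/register.php";

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser, the same rules a browser applies
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  // Assumption: https is accepted in addition to the http link on the page.
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: `unexpected scheme ${url.protocol}` };
  }
  // Text before "@" is login info, not the host, so it can disguise the site.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "text before '@' hides the real host" };
  }
  // Exact comparison: subdomain tricks and look-alike letters do not match.
  // Internationalized names are converted to their "xn--" form by the parser.
  if (url.hostname !== EXPECTED_HOST) {
    return { ok: false, reason: `host is ${url.hostname}, not ${EXPECTED_HOST}` };
  }
  if (url.port !== "") {
    return { ok: false, reason: `unexpected port ${url.port}` };
  }
  if (url.pathname !== EXPECTED_PATH) {
    return { ok: false, reason: `path is ${url.pathname}` };
  }
  return { ok: true, reason: "matches the login page from Step #01" };
}

// Constructed sample inputs; only the first is the page's own link.
const SAMPLES = [
  "http://xat.com/web_gear/chat/register.php",
  "http://xat.com.phish.example/web_gear/chat/register.php",
  "http://xat.com@phish.example/web_gear/chat/register.php",
  "http://phish.example/xat.com/web_gear/chat/register.php",
  "http://x\u0430t.com/web_gear/chat/register.php", // Cyrillic "a" look-alike
  "http://xat.com/web_gear/chat/login.php",
];

for (const sample of SAMPLES) {
  const result = checkLoginUrl(sample);
  console.log(`${result.ok ? "OK  " : "STOP"} ${sample} (${result.reason})`);
}
```
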

What should I do if I think I have been phished?

If you suspect that an unauthorized user may have compromised your account, do NOT panic. It will only make the situation much worse than it needs to be. The first thing you need to do is change the password to not only your account, but your e-mail address as well, for extra security. Also, if you remember the link of the phishing website you were on, report the phishing website as soon as possible by submitting a ticket under the category "Report Phishing Site" and provide as much information as you can, such as the date and time you went on the phishing website and the date and time you got phished. The sooner you report the phishing website, the sooner it can be shut down. Under no circumstances should you log into another user's account, even if you've been granted permission to. You will be in direct violation of xat's terms of service. Failure to comply with xat's terms of service will result in your account being torched and/or deleted.