Phishing

From xat wiki
Revision as of 13:21, 1 November 2015 by FuzzyBot (talk | contribs) (Updating to match new version of source page)

Ați auzit vreodată de cineva care a pierdut xats lor,sau au contul lor preluat?Este, probabil, sa fi fost "phished".

Ce este phishing?

Phishing is a trick used by criminals to steal personally identifiable information, such as your e-mail address and password for example. It is not a security flaw and you are not getting hacked. As long as you know what to look for, you can prevent yourself from being phished. You've probably been warned before by your online bank about phishing websites, but most users don't think or worry about being phished when using their "xat" account. On xat, there are criminals who want to steal your e-mail address, password, xats, days, powers and most of all, your identity.

Cum funcționează escrocheria?

A criminal will start off by creating a page that looks exactly the same as xat's registered user account management page. Then, the criminal will create a link (which will redirect to the page) and come up with a convincing way to lure a user into clicking on the link. An example might be offering xats, days and/or powers for free, as long as you click on the link and enter your e-mail address and password into the text box provided. That is definitely a red flag. Under any circumstances, you should NEVER click on the link, nor should you enter your e-mail address and password, regardless of whether it's free. Just by clicking on the link itself, the criminal may already have your IP address.

NOTE: If you come across a page that asks you for the password that's associated with your e-mail address (not your account), it's a phishing website. xat will NEVER ask you for that under any circumstances. Also, do NOT use the same password for any other e-mail addresses or accounts you may have, even if it has nothing to do with xat. You're only increasing your chances of everything else getting compromised.

Besides creating a duplicate page, there is also another way that criminals are doing to steal personally identifiable information from users. What they're doing is either asking users for their flash shared object file or asking users to download a third party program on their computer called ".sol Editor" and want users to provide them the "Value" that's located above the category "Number." Under any circumstances, do NOT provide them the value that's associated with your account. Giving them the value is just like giving them the password and you will end up being phished.

Cum pot să mă protejez?

To make sure you don't get phished, you have to understand exactly how it works. When you click on a link in a chat box it may show the image below as a header to warn you not to enter your xat password on this new website.

File:Phish.png

Please do not always rely on this warning showing, as the linkvalidator system is not perfect. We place every effort into making the system as effective as it can be.

Asiguraţi-vă că introduceţi numele de utilizator şi parola doar pe xat.com

Există doar o singură soluţie e a ştii dacă sunteţi pe pagina reală de logare. Aceasta este uitându-vă la adresa de căutare a browser-ului dumneavoastră, locul unde vedeţi sau scrieţi URL-ul website-ului pe care doriţi să îl vizitaţi. Uitându-vă acolo, veţi ştii pe ce website vă aflaţi la momentul respectiv. Pentru xat, singura pagină pe care ar trebui să vă logaţi este "xat.com" sau "m.xat.com". Poate credeţi că ştiţi cum arată pagina de logare xat şi că nimeni nu v-ar putea păcăli să vă scrieţi informaţiile pe o pagină falsă, dar este foarte uşor să fiţi păcălit. Este de asemenea foarte uşor pentru oricine să facă o copie identică a paginii de logare xat sau a paginii de logare a altor website-uri pe care dumneavoastră le folosiţi.

Your email password is only to log in to your email

xat will never ask you for your email password. Only use your email password to log in to your email. If a login page asks you for your email password it is not a xat page, it is a phishing page.

Turn on account locking

Account locking will increase the security of your account. See AccountLocking for details. Note that this is not a substitute being cautious to avoiding being phished (see above).

Use different passwords for different accounts

You should NEVER use the same password on your email account or xat account as you use for your login to ANY other site. If someone managed to phish your password on their site, they would have control of your email as well. Often this means they can access all your accounts on every site you use and it's more difficult to regain control of them again. If your email password is used on other sites, including xat.com, you should change it right away. If your email account has been phished you should contact your email provider for assistance.

Utilizaţi parole complexe

Pentru a crea o parolă complexă care nu poate fi ghicită cu uşurinţă, combinaţi litere şi numere într-o parolă lungă de cel puţin 8 caractere, deşi 14 caractere este ideal. Evitaţi să va folosiţi numele, numele de utilizator, ziua de naştere, caractere repetate şi cuvinte uzuale în parola dumneavoastră.

Giving personal information

Don't share your password with anybody else, regardless of how much you trust them. They could take over your account, or they could fall for a phishing scam using your account information. Also, do not give your register link to someone else (link looks like http://xat.com/web_gear/chat/register.php?UserId=123456&k2=123456). Do not share anything odd with another user including cookies or web page source. If a user asks you for data from your PC they are almost certainly trying to steal your account.

Schimbaţi-va parola în mod regulat

Este recomandat să va schimbaţi parola în mod regulat, cel puţin o dată pe lună.

Ce pot să fac dacă am fost înşelat (phished)?

If you think your account has been phished, immediately change your password for your xat account, and your password for your email account. Use the forgotten password feature on xat if you can't login. Changing your passwords will keep out the phisher. For other problems please contact us by ticket at http://xat.com/ticket with "xat I may have been phished" as the subject of the message.


Logging into other users' accounts

Under no circumstances should you ever log in to someone else's account. This is a direct violation of xat.com's terms of service and discovery of this may lead to your own accounts being deleted. If another user needs help they should open a ticket.

Cum pot să raportez site-urile suspecte de phishing?

Go to http://xat.com/ticket and report the site to the "Report Phishing Site" department and xat will take appropriate action.

Think you're a pro on avoiding being phished?

If you think that you're now educated on phishing, why not prove it? To test your knowledge, take the xat Phishing Quiz now.