Phishing/sr-el: Difference between revisions

From xat wiki
(Updating to match new version of source page)
(Updating to match new version of source page)
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{shortcut}}<languages/>
{{shortcut}}<languages/>{{toc}}
<div style="float:right; margin: 15px 0 0 15px">__TOC__</div>
Da li ste ikada bili u situaciji kada se ulogujete na vaš nalog i vidite da vam xats, dani ili powersi nedostaju? Da li sumnjate da neovlašćeni korisnici imaju pristup vašem nalogu? Možda ste žrtva nečega što zovemo "phishing."
Da li ste ikada bili u situaciji kada se ulogujete na vaš nalog i vidite da vam xats, dani ili powersi nedostaju? Da li sumnjate da neovlašćeni korisnici imaju pristup vašem nalogu? Možda ste žrtva nečega što zovemo "phishing."
<span id="whatphishing"></span>
==Šta je pecanje?==


==Šta je pecanje?==
<span id="whatphishing"></span>
Pecanje je trik korišćen od strane kriminalaca koji žele da ukradu vaše informacije, kao što su e-mail adresa i šifra. Ako ne bi postojala pukotina u bezbednosti, ne biste bili hakovani. Sve dok znate šta tražite, možete biti spašeni od pecanja. Verovatno ste bili upozoreni pre od vaše online praznine o takvim sajtovima, ali većina korisnika ne misli ili ne brine o tome dok koriste njihov xat nalog. Na xatu, postoje kriminalci koji žele da ukradu vašu e-mail adresu, šifru, xats, dane, powerse ili sve, vaš identitet.
Pecanje je trik korišćen od strane kriminalaca koji žele da ukradu vaše informacije, kao što su e-mail adresa i šifra. Ako ne bi postojala pukotina u bezbednosti, ne biste bili hakovani. Sve dok znate šta tražite, možete biti spašeni od pecanja. Verovatno ste bili upozoreni pre od vaše online praznine o takvim sajtovima, ali većina korisnika ne misli ili ne brine o tome dok koriste njihov xat nalog. Na xatu, postoje kriminalci koji žele da ukradu vašu e-mail adresu, šifru, xats, dane, powerse ili sve, vaš identitet.
<span id="howphishing"></span>
<div class="mw-translate-fuzzy">
==Kako prevara funkcioniše?==
</div>


==How does phishing work?==
<span id="howphishing"></span>
A criminal may create a page that looks exactly the same as xat's registered user account management page. Then, the criminal will create a link (which will redirect to the page) and come up with a convincing way to lure a user into clicking on the link. An example might be offering xats, days and/or powers for free, as long as you click on the link and enter your e-mail address and password into the text box provided. That is definitely a {{Color|#FF0000|'''red flag'''}}. Under NO circumstances should you ever click on the link, nor should you enter your e-mail address and password, regardless of whether or not you think it is free. Just by clicking on the link itself, the criminal may already have your IP address.
A criminal may create a page that looks exactly the same as xat's registered user account management page. Then, the criminal will create a link (which will redirect to the page) and come up with a convincing way to lure a user into clicking on the link. An example might be offering xats, days and/or powers for free, as long as you click on the link and enter your e-mail address and password into the text box provided. That is definitely a {{Color|#FF0000|'''red flag'''}}. Under NO circumstances should you ever click on the link, nor should you enter your e-mail address and password, regardless of whether or not you think it is free. Just by clicking on the link itself, the criminal may already have your IP address.


Line 14: Line 15:


Besides creating a duplicate page, there is also another way that criminals are using to steal personally identifiable information from users. What they're doing is either asking users for their flash shared object file, or asking users to download a third party program on their computer called ".sol Editor" and wanting users to provide them the "Value" that's located above the category "Number." Under NO circumstances should you provide them the value that's associated with your account. Giving them the value is just like giving them the password and you will end up being phished.
Besides creating a duplicate page, there is also another way that criminals are using to steal personally identifiable information from users. What they're doing is either asking users for their flash shared object file, or asking users to download a third party program on their computer called ".sol Editor" and wanting users to provide them the "Value" that's located above the category "Number." Under NO circumstances should you provide them the value that's associated with your account. Giving them the value is just like giving them the password and you will end up being phished.
<span id="howprotect"></span>
==How can I protect myself?==


==How can I protect myself?==
<span id="howprotect"></span>
In order to prevent yourself from getting phished by a criminal, we highly recommend you follow these precautionary steps:
In order to prevent yourself from getting phished by a criminal, we highly recommend you follow these precautionary steps:


'''Step 1:''' When you are logging into your account, ALWAYS make sure that you are on xat's registered user account management [https://xat.com/web_gear/chat/register.php page]. You can find out if you are on the correct page by looking at the URL bar, which is located at the top-left corner of your web browser. If the link shows '''https://xat.com/web_gear/chat/register.php''', you are on the correct page. If it shows anything other than the link provided, do NOT enter your e-mail address, username or password on that page. Leave the page immediately, and report the phishing website by submitting a [https://util.xat.com/support/open.php ticket] under the category "Report Phishing Site." You do not need to be a paid user to submit a ticket in this department.
'''Step 1:''' When you are logging into your account, ALWAYS make sure that you are on xat's account [https://xat.com/login panel]. You can find out if you are on the correct page by looking at the URL bar, which is located at the top-left corner of your web browser. If the link shows '''https://xat.com/login''', you are on the correct page. If it shows anything other than the link provided, do NOT enter your e-mail address, username or password on that page. Leave the page immediately, and report the phishing website by submitting a [https://util.xat.com/support/open.php ticket] under the category "Report Phishing Site". You do not need to be a paid user to submit a ticket in this department.


'''Step 2:''' When you are logging into your account, you have the option of either entering the e-mail address that is associated with your account, or your registered username. When it comes to entering your password, ALWAYS make sure it is the password that is associated with your account, and not your e-mail address. xat will NEVER ask you for the password that is associated with your e-mail address under any circumstances. In order to ensure your account is fully protected, use a password that is not the same password as your e-mail address. Also, make sure your password is alphanumeric, which consists of both letters and numbers (but not symbols). Make sure that your password is not easily guessable. As  long as it contains at least 10 characters (or more), you will be fine. Do not make your password too long or you might forget it. We highly recommend you avoid using patterns or words in your password, and to always change your password on a monthly basis. It's better to be safe than sorry.
'''Step 2:''' When you are logging into your account, you have the option of either entering the e-mail address that is associated with your account, or your registered username. When it comes to entering your password, ALWAYS make sure it is the password that is associated with your account, and not your e-mail address. xat will NEVER ask you for the password that is associated with your e-mail address under any circumstances. In order to ensure your account is fully protected, use a password that is not the same password as your e-mail address. Also, make sure your password is alphanumeric, which consists of both letters and numbers (but not symbols). Make sure that your password is not easily guessable. As  long as it contains at least 10 characters (or more), you will be fine. Do not make your password too long or you might forget it. We highly recommend you avoid using patterns or words in your password, and to always change your password on a monthly basis. It's better to be safe than sorry.


'''Step 3:''' When it comes to fully protecting your account, we highly recommend that you enable xat's account security features: [[Special:MyLanguage/Account protection|Account Protection]], [[Special:MyLanguage/Account_Protection#Account_Locking|Account Locking]] and [[Special:MyLanguage/Authentication|Account Authentication]]. For more information on any of these account security features, click the respective links.
'''Step 3:''' When it comes to fully protecting your account, we highly recommend enabling [[Special:MyLanguage/Account protection|Account Protection]]. There are three levels of protection, and the higher the number, the stronger/stricter your protection is. For more information on each of these levels, click [[Special:MyLanguage/Account protection|here]].
 
'''Step 4:''' Depending on your Account Protection setting, you will be required to log into xat through a security check email. Make sure the sender of this email is '''[email protected]''' and not a criminal pretending to be xat. Criminals may try to deceive users by recreating xat's email address with closely resembling characters. If the email address is different, please report this as a phishing email. Even if the email address is an exact match, however, this is still no guarantee the email is legitimate, and you should take caution at all times. Consider whether you were expecting the email or if it was sent to you unexpectedly. Also, it is crucial to increase the security of the email address associated with your account, to prevent unauthorized users from gaining access. If you lose access to your email address, e.g. because it was compromised, you will lose access to your account. To learn more about keeping your account and email address secure, click [[Special:MyLanguage/External_security|here]].
<span id="spotphishing"></span>
==Tips for spotting a phishing e-mail==
 
Always check the 'from' e-mail address of the email you received and check the characters aren't suspicious. Even e-mail addresses can sometimes be spoofed.
 
Phishers will often attempt to make the e-mail look as legitimate as possible by including a logo or professional name such as "Account Support" or "Security Help."


Hover over links in an e-mail before deciding to click on them. The link could direct you to a suspicious address completely unrelated to the text in the link. Never open or download anything unless you are certain they come from a safe source.
<span id="helpphished"></span>
==What do I do if I think I've been phished?==
==What do I do if I think I've been phished?==
<span id="helpphished"></span>
 
If you suspect that an unauthorized user may have compromised your account, do NOT panic. It will only make the situation much worse than it needs to be. The first thing you need to do is change the password to not only your account, but your e-mail address as well, for extra security measures. Also, if you remember the link of the phishing website you were on, report the phishing website as soon as possible by submitting a [https://util.xat.com/support/open.php ticket] under the category "Report Phishing Site" and provide as much sufficient proof about the occurrence as you can, such as the date and time of when you went on the phishing website and the date and time of when you got phished. The sooner you report the phishing website, the faster the phishing website will be shut down.  
If you suspect that an unauthorized user may have compromised your account, do NOT panic. It will only make the situation much worse than it needs to be. The first thing you need to do is change the password to not only your account, but your e-mail address as well, for extra security measures. Also, if you remember the link of the phishing website you were on, report the phishing website as soon as possible by submitting a [https://util.xat.com/support/open.php ticket] under the category "Report Phishing Site" and provide as much sufficient proof about the occurrence as you can, such as the date and time of when you went on the phishing website and the date and time of when you got phished. The sooner you report the phishing website, the faster the phishing website will be shut down.  



Latest revision as of 04:32, 24 August 2022

Da li ste ikada bili u situaciji kada se ulogujete na vaš nalog i vidite da vam xats, dani ili powersi nedostaju? Da li sumnjate da neovlašćeni korisnici imaju pristup vašem nalogu? Možda ste žrtva nečega što zovemo "phishing."

Šta je pecanje?

Pecanje je trik korišćen od strane kriminalaca koji žele da ukradu vaše informacije, kao što su e-mail adresa i šifra. Ako ne bi postojala pukotina u bezbednosti, ne biste bili hakovani. Sve dok znate šta tražite, možete biti spašeni od pecanja. Verovatno ste bili upozoreni pre od vaše online praznine o takvim sajtovima, ali većina korisnika ne misli ili ne brine o tome dok koriste njihov xat nalog. Na xatu, postoje kriminalci koji žele da ukradu vašu e-mail adresu, šifru, xats, dane, powerse ili sve, vaš identitet.

Kako prevara funkcioniše?

A criminal may create a page that looks exactly the same as xat's registered user account management page. Then, the criminal will create a link (which will redirect to the page) and come up with a convincing way to lure a user into clicking on the link. An example might be offering xats, days and/or powers for free, as long as you click on the link and enter your e-mail address and password into the text box provided. That is definitely a red flag. Under NO circumstances should you ever click on the link, nor should you enter your e-mail address and password, regardless of whether or not you think it is free. Just by clicking on the link itself, the criminal may already have your IP address.

NOTE: If you come across a page that asks you for the password that's associated with your e-mail address (not your account), it's a phishing website. xat will NEVER ask you for that under any circumstances. Also, do NOT use the same password for any other e-mail addresses or accounts you may have, even if it has nothing to do with xat. You're only increasing your chances of other accounts you have getting compromised.

Besides creating a duplicate page, there is also another way that criminals are using to steal personally identifiable information from users. What they're doing is either asking users for their flash shared object file, or asking users to download a third party program on their computer called ".sol Editor" and wanting users to provide them the "Value" that's located above the category "Number." Under NO circumstances should you provide them the value that's associated with your account. Giving them the value is just like giving them the password and you will end up being phished.

How can I protect myself?

In order to prevent yourself from getting phished by a criminal, we highly recommend you follow these precautionary steps:

Step 1: When you are logging into your account, ALWAYS make sure that you are on xat's account panel. You can find out if you are on the correct page by looking at the URL bar, which is located at the top-left corner of your web browser. If the link shows https://xat.com/login, you are on the correct page. If it shows anything other than the link provided, do NOT enter your e-mail address, username or password on that page. Leave the page immediately, and report the phishing website by submitting a ticket under the category "Report Phishing Site". You do not need to be a paid user to submit a ticket in this department.

Step 2: When you are logging into your account, you have the option of either entering the e-mail address that is associated with your account, or your registered username. When it comes to entering your password, ALWAYS make sure it is the password that is associated with your account, and not your e-mail address. xat will NEVER ask you for the password that is associated with your e-mail address under any circumstances. In order to ensure your account is fully protected, use a password that is not the same password as your e-mail address. Also, make sure your password is alphanumeric, which consists of both letters and numbers (but not symbols). Make sure that your password is not easily guessable. As long as it contains at least 10 characters (or more), you will be fine. Do not make your password too long or you might forget it. We highly recommend you avoid using patterns or words in your password, and to always change your password on a monthly basis. It's better to be safe than sorry.

Step 3: When it comes to fully protecting your account, we highly recommend enabling Account Protection. There are three levels of protection, and the higher the number, the stronger/stricter your protection is. For more information on each of these levels, click here.

Step 4: Depending on your Account Protection setting, you will be required to log into xat through a security check email. Make sure the sender of this email is [email protected] and not a criminal pretending to be xat. Criminals may try to deceive users by recreating xat's email address with closely resembling characters. If the email address is different, please report this as a phishing email. Even if the email address is an exact match, however, this is still no guarantee the email is legitimate, and you should take caution at all times. Consider whether you were expecting the email or if it was sent to you unexpectedly. Also, it is crucial to increase the security of the email address associated with your account, to prevent unauthorized users from gaining access. If you lose access to your email address, e.g. because it was compromised, you will lose access to your account. To learn more about keeping your account and email address secure, click here.

Tips for spotting a phishing e-mail

Always check the 'from' e-mail address of the email you received and check the characters aren't suspicious. Even e-mail addresses can sometimes be spoofed.

Phishers will often attempt to make the e-mail look as legitimate as possible by including a logo or professional name such as "Account Support" or "Security Help."

Hover over links in an e-mail before deciding to click on them. The link could direct you to a suspicious address completely unrelated to the text in the link. Never open or download anything unless you are certain they come from a safe source.

What do I do if I think I've been phished?

If you suspect that an unauthorized user may have compromised your account, do NOT panic. It will only make the situation much worse than it needs to be. The first thing you need to do is change the password to not only your account, but your e-mail address as well, for extra security measures. Also, if you remember the link of the phishing website you were on, report the phishing website as soon as possible by submitting a ticket under the category "Report Phishing Site" and provide as much sufficient proof about the occurrence as you can, such as the date and time of when you went on the phishing website and the date and time of when you got phished. The sooner you report the phishing website, the faster the phishing website will be shut down.

Under NO circumstances should you EVER log into another user's account, even if you've been granted permission to. You will be in direct violation of xat's Terms of Service. Failure to comply with xat's terms of service will result in your account being torched and/or deleted.