The Ultimate Guide To Understanding Phishing In 2023

So, what is phishing?

Phishing is a form of social engineering that tricks people into revealing their passwords or other valuable information. Phishing attacks can take the form of emails, text messages, and phone calls.

Usually, these attacks pose as popular services and companies that people easily recognize.

When users click a phishing link in the body of an email, they are sent to a look-alike version of a site they trust. At this point in the phishing scam they are asked for their login credentials. Once they enter their information on the fake website, the attacker has what they need to access their real account.

Phishing attacks can result in stolen personal information, financial information, or health information. Once an attacker gains access to one account, they can either sell access to the account or use that information to hack other accounts of the victim.

Once the account is sold, someone who knows how to profit from the account will buy the account credentials from the dark web and capitalize on the stolen data.


Here is a visualization to help you understand the steps in a phishing attack:

[Figure: phishing attack diagram]

Phishing attacks come in different forms. Phishing can work through a phone call, text message, email, or social media message.

Generic Phishing Emails

Generic phishing emails are the most common type of phishing attack. Attacks like these are common because they take the least amount of effort.

Hackers take a list of email addresses associated with PayPal or social media accounts and send a bulk email blast to the potential victims.

When the victim clicks the link in the email, it usually takes them to a fake version of a well-known website and asks them to log in with their account information. As soon as they submit their account info, the hacker has what they need to access their account.

In a sense, this type of phishing is like casting a net into a school of fish, whereas other forms of phishing are more targeted efforts.

Spear Phishing

Spear phishing is when an attacker targets a specific individual rather than sending a generic email to a group of people.

Spear phishing attacks try to address the target specifically and disguise themselves as a person the victim may know.

These attacks are easier for a scammer if you have personally identifiable information on the internet. The attacker is able to research you and your network to craft a message that is relevant and convincing.

Because of the high degree of personalization, spear phishing attacks are much harder to identify than regular phishing attacks.

They are also less common, because they take more time for criminals to pull off successfully.

Question: What is the success rate of a spear phishing email?

Answer: Spear phishing emails have an average email open rate of 70%, and 50% of recipients click on a link in the email.

Whaling (CEO Fraud)

Compared with spear phishing attacks, whaling attacks are drastically more targeted.

Whaling attacks go after individuals in an organization such as the chief executive officer or chief financial officer of a company.

One of the most common goals of whaling attacks is to manipulate the victim into wiring large sums of money to the attacker.

Like regular phishing, the attack takes the form of an email, and whaling may use company logos and similar addresses to disguise itself.

In some cases, the attacker will impersonate the CEO and use that persona to convince another employee to reveal financial data or transfer money to the attacker's account.

Since employees are less likely to refuse a request from someone higher up, these attacks are much more devious.

Attackers often spend more time crafting a whaling attack because these attacks tend to pay off better.

The name "whaling" refers to the fact that the targets have more financial power (CEOs).

Angler Phishing

Angler phishing is a relatively new type of phishing attack and exists on social media.

These attacks do not follow the traditional email format of phishing attacks.

Instead, the attackers disguise themselves as customer service representatives of companies and trick people into sending them information through direct messages.

A common scam is to send people to a fake customer support website that downloads malware, or in other words ransomware, onto the victim's device.

Vishing (Phishing Phone Calls)

A vishing attack is when a scammer calls you to try to gather personal information from you.

Scammers usually pretend to be a reputable business or organization such as Microsoft, the IRS, or even your bank.

They use fear tactics to get you to reveal important account data.

This allows them to access your important accounts directly or indirectly.

Vishing attacks are tricky.

Attackers can easily impersonate people that you trust.

Watch Hailbytes founder David McHale talk about how robocalls will disappear with future technology.

How to identify a phishing attack

Most phishing attacks occur through emails, but there are ways to identify their legitimacy.

Check the Email Domain

When you open an email, check whether or not it is from a public email domain (i.e. @gmail.com).

If it is from a public email domain, it is most likely a phishing attack, as organizations do not use public domains.

Rather, their domains would be unique to their business (i.e. Google's email domain is @google.com).

However, there are trickier phishing attacks that use a unique domain.

It is useful to do a quick search of the company and check its legitimacy.

Email Has a Generic Greeting

Phishing attacks always attempt to befriend you with a nice greeting or empathy.

For example, in my spam not too long ago I found a phishing email with the greeting "Dear friend".

I already knew this was a phishing email as the subject line said, "GOOD NEWS ABOUT YOUR FUNDS 21/06/2020".

Seeing those types of greetings should be an instant red flag if you have never interacted with that contact.

Check the Contents

The contents of a phishing email are very important, and you will see some distinctive features that make up most of them.

If the contents sound absurd, then most likely it is a scam.

For example, if the subject line says, "You won the Lottery $1000000" and you have no recollection of participating, then that is a red flag.

If the content creates a sense of urgency like "it depends on you" and it leads to clicking a suspicious link, then it is most likely a scam.

Hyperlinks and Attachments

Phishing emails always have a suspicious link or file attached to them.

A good way to check whether a link has a virus is to use VirusTotal, a website that checks files or links for malware.

Example of a Phishing Email:

[Figure: Gmail phishing email]

In the example, Google points out that the email can be potentially dangerous.

It recognizes that its content matches other similar phishing emails.

If an email meets most of the above criteria, then it is recommended to report it to reportphishing@apwg.org or phishing-report@us-cert.gov so that it gets blocked.

If you are using Gmail, there is an option to report the email for phishing.
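The checks from this section (public sender domain, generic greeting, urgency wording, links) applied to a raw message, as an added example that is not code from the original article. The domain and phrase lists, the sample message and the function names are assumptions, and the link check compares the URL shown in the link text with the real target, which goes slightly beyond the checks the article lists.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Illustrative lists (assumptions, not from the article); tune them for your mail.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
GENERIC_GREETINGS = ("dear friend", "dear customer", "dear user")
URGENCY_PHRASES = ("act now", "urgent", "immediately", "within 24 hours")

SAMPLE = (  # constructed message reusing the greeting and subject quoted above
    'From: "Payments" <payments.notice@gmail.com>\nSubject: GOOD NEWS ABOUT YOUR FUNDS\n'
    "Content-Type: text/html\n\n<p>Dear friend,</p><p>Act now: "
    '<a href="http://login.example.net/claim">https://www.example.com/account</a></p>\n'
)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # host of an http(s) URL, or "" when the text is not a URL
    m = re.match(r"\s*https?://(?:[^/?#@]*@)?([^/?#:\s]+)", url, re.I)
    return m.group(1).lower() if m else ""

def red_flags(raw_email):  # assumes unencoded text parts (no base64/quoted-printable)
    msg = message_from_string(raw_email)
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    text = (msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", body)).lower()
    found = LinkCollector()
    found.feed(body)
    checks = {
        "public-sender-domain": sender_domain in PUBLIC_DOMAINS,
        "generic-greeting": any(g in text for g in GENERIC_GREETINGS),
        "urgency": any(p in text for p in URGENCY_PHRASES),
        "link-text-mismatch": any(host_of(s) not in ("", host_of(h)) for h, s in found.links),
    }
    return [name for name, hit in checks.items() if hit]
```

A message that trips several checks is a candidate for reporting; the link targets collected by `LinkCollector` are the values to submit to a scanner such as VirusTotal.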

How to protect your company

Although phishing attacks are geared towards random users, they often target employees of a company.

However, attackers are not always after a company's money but its data.

In terms of business, data is far more valuable than money and it can severely impact a company.

Attackers can use leaked data to influence the public by affecting consumer trust and tarnishing the company name.

But those are not the only consequences that can result from that.

Other consequences include negative impact on investor trust, business disruption, and regulatory fines under the General Data Protection Regulation (GDPR).

Training your employees to deal with this problem is recommended to reduce the success of phishing attacks.

Ways to train employees generally are to show them examples of phishing emails and the ways to spot them.

Another good way to show employees phishing is through simulation.

Phishing simulations are fake attacks designed to help employees recognize phishing firsthand without any negative effects.

How To Start a Phishing Training Program

We will now share the steps you need to take to run a successful phishing campaign.

Phishing remains the top security threat according to WIPRO's State of Cybersecurity Report 2020.

One of the best ways to collect data and educate employees is to run an internal phishing campaign.

It can be easy enough to create a phishing email with a phishing platform, but there is a lot more to it than hitting send.

We will discuss how to handle phishing tests with internal communications.

Then, we will go over how you analyze and use the data you collect.

Plan Your Communication Strategy

A phishing campaign is not about punishing people if they fall for a scam. A phishing simulation is about teaching employees how to respond to phishing emails. You want to make sure that you are being transparent about doing phishing training in your company. Prioritize informing company leaders about your phishing campaign and describe the goals of the campaign.

After you send your first baseline phishing email test, you can make a company-wide announcement to all employees.

An important aspect of internal communications is to keep the message consistent. If you are doing your own phishing tests, then it is a good idea to come up with a made-up brand for your training material.

Coming up with a name for your program will help employees recognize your educational content in their inbox.

If you are using a managed phishing test service, then they will likely have this covered. Educational content should be produced ahead of time so that you can have an immediate follow-up after your campaign.

Give your employees instructions and information about your internal phishing email protocol after your baseline test.

You want to give your co-workers the opportunity to respond correctly to the training.

Seeing the number of people that correctly spot and report the email is important information to gain from the phishing test.

Understand How To Analyze Your Results

What should be your top priority for your campaign?

Engagement.

You can try to base your results on the number of successes and failures, but those numbers don't necessarily help you with your purpose.

If you run a phishing test simulation and no one clicks on the link, does that mean that your test was successful?

The short answer is "no".

Having a 100% success rate does not translate as a success.

It can mean that your phishing test was simply too easy to spot.

On the other hand, if you get a tremendous failure rate with your phishing test, it could mean something completely different.

It could mean that your employees are not able to spot phishing attacks yet.

When you get a high rate of clicks for your campaign, there is a good chance that you need to lower the difficulty of your phishing emails.

Take more time to train people at their current level.

You ultimately want to decrease the rate of phishing link clicks.

You may be wondering what a good or bad click rate is with a phishing simulation.

According to sans.org, your first phishing simulation may yield an average click rate of 25-30%.

That seems like a really high number.

Luckily, they reported that after 9-18 months of phishing training, the click rate for a phishing test was below 5%.

These numbers can help as a rough estimate of your desired results from phishing training.

Send a Baseline Phishing Test

To start your first phishing email simulation, make sure to whitelist the IP address of the testing tool.

This ensures that employees will receive the email.

When crafting your first simulated phishing email, do not make it too easy or too hard.

You should also remember your audience.

If your co-workers are not heavy users of social media, then it probably wouldn't be a good idea to use a fake LinkedIn password reset phishing email. The tester email has to have enough broad appeal that everyone in your company would have a reason to click.

Some examples of phishing emails with broad appeal could be:

  • A company-wide announcement
  • A shipping notification
  • A "COVID" alert or something relevant to current events

Just remember the psychology of how the message will be taken by your audience before hitting send.

Continue with Monthly Phishing Training

Continue to send phishing training emails to your employees. Make sure that you are slowly increasing the difficulty over time to increase people's skill levels.

Frequency

It is recommended to do monthly email sends. If you "phish" your organization too often, they are likely to catch on a little too quickly.

Catching your employees a bit off-guard is the best way to get more realistic results.


Variety

If you send the same type of "phishing" emails every time, you are not going to teach your employees how to react to different scams.

You can try several different angles including:

  • Social media logins
  • Spearphishing (make the email specific to an individual)
  • Shipping updates
  • Breaking news
  • Company-wide updates


Relevance

As you send new campaigns, always make sure that you are fine-tuning the relevance of the message to your audience.

If you send a phishing email that is not related to something of interest, you might not get much of a response from your campaign.


Follow the Data

After sending different campaigns to your employees, refresh some of the old campaigns that tricked people the first time and do a new spin on that campaign.

You will be able to tell the effectiveness of your training if you see that people are learning and improving.

From there you will be able to tell if they need more education on how to spot a certain type of phishing email.
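One way to compare a campaign with its later re-run, covering both the click rate and the number of people who reported the email, as discussed under analyzing results and following the data. This is an added example, not code from the original article or from any phishing platform; the event format, campaign names and function names are assumptions.

```python
from collections import defaultdict

# Constructed tracking events: (campaign, recipient, event). Campaign names and
# the event vocabulary (sent / clicked / reported) are assumptions for this example.
EVENTS = (
    [("baseline-delivery", f"user{i}", "sent") for i in range(10)]
    + [("baseline-delivery", f"user{i}", "clicked") for i in (1, 1, 4, 7)]  # user1 twice
    + [("baseline-delivery", "user2", "reported")]
    + [("rerun-delivery", f"user{i}", "sent") for i in range(10)]
    + [("rerun-delivery", "user4", "clicked")]
    + [("rerun-delivery", f"user{i}", "reported") for i in (1, 2, 7, 9)]
)

def campaign_stats(events):
    """Per-campaign click and report rates, counting each recipient once."""
    seen = defaultdict(lambda: defaultdict(set))
    for campaign, recipient, event in events:
        seen[campaign][event].add(recipient)
    stats = {}
    for campaign, by_event in seen.items():
        sent = by_event["sent"]
        if not sent:
            continue  # events without a matching send cannot produce a rate
        stats[campaign] = {
            "recipients": len(sent),
            # Only recipients the test was actually sent to count towards a rate.
            "click_rate": len(by_event["clicked"] & sent) / len(sent),
            "report_rate": len(by_event["reported"] & sent) / len(sent),
        }
    return stats

def change(stats, first, rerun):
    """Percentage-point change between a campaign and its later re-run."""
    return {
        key: round((stats[rerun][key] - stats[first][key]) * 100, 1)
        for key in ("click_rate", "report_rate")
    }
```

A falling click rate together with a rising report rate on the re-run is the signal that people are learning; a falling click rate alone can also mean the email was too easy to spot.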

 

Self-Run Phishing Programs vs. Managed Phishing Training

There are 3 factors in determining whether you are going to create your own phishing training program or outsource the program.

Technical Expertise

If you are a security engineer or have one in your company, you can easily spin up a phishing server using a pre-existing phishing platform to create your campaigns.

If you don't have any security engineers, creating your own phishing program may be out of the question.

Experience

You may have a security engineer in your organization, but they may not have experience with social engineering or phishing tests.

If you have someone that is experienced, then they would be reliable enough to create their own phishing program.

Time

This one is a really big factor for small to mid-sized companies.

If your team is small, it may not be convenient to add another task to your security team.

It is much more convenient to have another experienced team do the work for you.


How Do I Get Started?

You have gone through this whole guide to figure out how you can train your employees and are ready to start protecting your organization through phishing training.

What now?

If you are a security engineer and want to start running your first phishing campaigns now, go here to learn more about a phishing simulation tool that you can use to get started today.

Or…

If you are interested in learning about managed services to run phishing campaigns for you, learn more right here about how you can start your free trial of phishing training.


Summary

Use the checklist to identify unusual emails and, if they are phishing, report them.

Even though there are phishing filters out there that can protect you, it is not 100%.

Phishing emails are constantly evolving and are never the same.

To protect your company from phishing attacks you can take part in phishing simulations to decrease the chances of successful phishing attacks.

We hope that you learned enough from this guide to figure out what you need to do next to lessen your chances of a phishing attack on your business.

Please leave a comment if you have any questions for us or if you want to share any of your knowledge or experience with phishing campaigns.

Don't forget to share this guide and spread the word!