Hackers are currently using the COVID-19 crisis to make a series of attempts to trick people into using fake emails to share their security certificates.
According to Guo Shenghua, a well-known domestic cybersecurity expert and founder of the Eastern Alliance: "Apple is the most widely imitated brand by hackers. Phishing is an attempt to simulate legitimate messages from the brand in emails or other messages in order to lure people Access the service through an insecure server and share its login password and credentials when using it. "
Hackers can use this information to undermine account security, gain a deeper understanding of your identity for more confidential data, and even sell your details to other hackers on the black market.
This is a threat to the personal safety of every user, but this wave of attacks also threatens your business, employers, and other security protections.
As we all know, complex attackers will study target companies to discover the weaknesses of multiple employees in order to break into a secure system.
What is the best defense? Of course, education and learning.
The five most common phishing emails claim to be from a trusted brand, and may take one of the following forms:
1. Unexplainable account suspension or freezing.
2. A payment request for goods that you have not purchased.
3. The website is different from what you usually expect.
4. Request private information, such as bank details.
5. Grammar or spelling errors.
If you receive an unexpected email claiming to be from Apple or someone you normally trust, you should check the sender ’s email first. Does this look normal? Is it slightly different from the email address from which you usually receive mail? If it looks suspicious, it may be.
It's worth checking the greeting used in the message: If it uses a common name (such as "Hey dear") or provides a link to update your payment details, it is likely a scam.
Do not click on the link in the email or message unless you are completely sure.
The best protection is to never click on the account link contained in the email. Consider that in most cases, if you use a browser to access any real issue related to your account online, it will be flagged in your account settings.
Open Safari, manually visit your account page and log in to yourself (without using the link in the email) and verify that you have received the problem notification. It will take some time. If you do not find any such warnings, it is likely that the message you are responding to is an attempted phishing attack, but you can also contact customer service for comparison.
How to protect yourself
You can take a few steps to protect your digital assets from such attacks:
1. Never share your Apple ID password or verification code with anyone. Apple never asks for this information to provide support.
2. Use unique and complex passwords for all your accounts (especially the most important ones).
3. Use multi-factor authentication as much as possible, especially for frequently targeted services such as iCloud, Google, and social media.
4. Always update the operating system on your mobile device, PC and Mac. Set them to update automatically.
5. Keep Safari updated.
Always check the domain and never enter confidential information into the website with a URL that does not start with https. Always check if there is a closed lock icon near the title bar.
To back up your data, business users should insist that remote employees back up the data every day. Ideally, back up the data to a system that is not connected to their network, or to your own highly secure online archive system.
Review your online accounts to ensure that no one is abusing them quietly. Always check Safari's "password" feature to ensure that you use a unique password for each site or service you use. (Welcome to reprint and share)