I want to renew
Phishing refers to a large number of criminals sending fraudulent spam or short messages or instant messaging messages that claim to come from banks or other well-known institutions to induce recipients to give sensitive information (such as username, password, account ID or credit card details ), And then use this information to impersonate the victim for fraudulent financial transactions in order to obtain economic benefits.
I. Common security risks
Phishing refers to a large number of criminals sending fraudulent spam or short messages or instant messaging messages that claim to come from banks or other well-known institutions to induce recipients to give sensitive information (such as username, password, account ID or credit card details ), And then use this information to impersonate the victim for fraudulent financial transactions in order to obtain economic benefits. Victims often suffer significant financial losses or all personal information is stolen and used for criminal purposes.
(B) Trojan horse virus
Trojan horse is a remote control-based hacking tool. It usually masquerades as a package, compressed file, picture, video, etc., and entices users to download and install through channels such as web pages and emails. Electronic equipment such as computers or mobile phones will be controlled by criminals who write Trojan horse programs, which will cause damage to information files, such as modification or theft of electronic accounts, and theft of electronic account funds.
(Three) social traps
Social traps refer to online fraud methods in which some criminals use social engineering methods to obtain cardholder personal information and steal cardholder account funds through some important information.
(4) Pseudo base station
"Fake base stations" generally consist of a host computer and a laptop computer. Through the "fake base stations", criminals can search for mobile phone card information within a certain range around the device, and impersonate any mobile phone number to force users' mobile phones by impersonating the base stations of operators Send short messages such as scams and advertising.
(V) Information leakage
At present, some small and medium-sized websites have weak security protection capabilities and are vulnerable to hacking. Many registered users ’usernames and passwords are leaked as a result. And if the user's payment account is set with the same username and password, theft is extremely easy to occur.
Second, security tools
A security tool is equivalent to putting a lock on your account or funds. If you can use network security payment tools reasonably, you can greatly reduce the risk of network payments and make your payments safer and more secure. At present, the mainstream network security payment tools in the market mainly include the following categories:
The first is digital certificates. After the digital certificate is installed on the computer or mobile phone, even if the account payment password is stolen, it needs to be paid on the machine that has the digital certificate installed to ensure the security of funds.
The second is the SMS verification code. The SMS verification code is a one-time random dynamic password sent by the bank or a third party to the customer through the mobile phone bound by the customer when paying.
The third is dynamic password. A secure payment tool that does not require a computer connection, a one-time random password that is changed regularly and a password set by the customer.
The fourth is USBKey. A secure payment tool that is connected to a computer's USB interface and needs to be plugged into a computer when making a payment.
Users can choose a suitable network security payment tool according to their actual situation and the advice of the bank or payment institution.
Third, the security strategy
(1) Keep a good account, password and USBKey (or Ukey, network shield, U shield, etc.)
1. Don't believe in any act of taking account number, USBKey and password, and don't easily disclose your ID number, account number, password, etc. to others.
2. The password should be set as a combination of numbers and uppercase and lowercase letters as much as possible. Do not use birthdays, names and other easily guessable content as passwords.
3. If the USBKey password is leaked, it should be reissued or replaced as soon as possible.
(2) Identify the website URL
When shopping online, please go to a regular and well-known online merchant for online payment. When you make a transaction, please confirm that the URL in the address bar is correct.
(3) Ensure computer system security
1. Download and install online banking, mobile banking security controls, and client software from the bank's official website.
2. Set the Windows login password. For Windows XP and above systems, please turn on the built-in firewall and disable the remote login function.
3. Download and install the latest operating system and browser security patches regularly.
4. Install anti-virus software and firewall software, and upgrade in time.
(D) enhance safety awareness
1. Use an online banking certificate certified by a national authority. It is recommended to enable both the USBKey and SMS password functions.
2. When activating the SMS password, be sure to confirm that the mobile phone number that receives the SMS is my own mobile phone number.
3. Don't trust the SMS, phone call and any information on non-bank official websites received by your mobile phone.
4. Don't trust the phone fraud that fake public security officers, fake police officers, fake judges, fake prosecutors, etc. require transfer in the name of "safe account".
5. Avoid logging in and using online banking in public places or on other people's computers. When exiting online banking or temporarily leaving your computer, be sure to unplug the USBKey.
6. It is recommended not to browse other websites when operating online banking. Some websites' malicious code may obtain information on your computer.
7. It is recommended to set reasonable transaction limits for different electronic payment methods. Please carefully check the transaction content for each transaction and confirm the operation before proceeding. Do not leave the trading terminal halfway when the transaction is not completed, and click Exit after the transaction is completed.
8. Regularly check and verify online banking transaction records. Through customized bank SMS reminder services and reconciliation emails, you can get timely information reminders such as bank login, balance changes, and account setting changes.
(5) Combination of online banking security tools (from high to low according to the number of ★) It is recommended that customers choose a tool combination with a high security level!
Security toolset Security Level
USBKey + SMS password ★★★★★
Online banking certificate + SMS password ★★★★
Online banking certificate ★★
SMS password ★★
Normal login ★
4. What should I do if I am found to be cheated?
Network security is important to prevent. Once found to be deceived, you should contact the bank and payment institution as soon as possible, take corresponding emergency measures, and call the local police.
(1) What should I do if I have entered the password on the phishing website?
1. If you can still log in to your account: please change your payment password and login password immediately. At the same time, enter the transaction details query to see if there are suspicious transactions. If so, you must call the bank or payment agency's customer service number immediately.
2. If you have also entered your bank card information: please call your bank immediately to apply for a temporary freezing of your account or report the loss of your phone (at this time, your bank account can only be credited but not credited).
3． If you are no longer able to log in: please call the customer service phone of your bank or payment institution immediately to apply for temporary supervision of your account.
4． Scan your computer with the latest version of anti-virus software to ensure that there are no Trojans on the phishing website. If found, please change the login and payment password again after confirming the computer security.
(2) What should I do if I find my account funds are stolen?
1. It is necessary to change the account password at the first time and transfer the balance funds at the same time.
2. Enter transaction management, look for suspicious transactions, and keep unauthorized fund transactions.
3． If the bank card account is stolen, please call the bank immediately to apply for a temporary freezing of the account or report the loss of the phone (at this time, your bank account can only be credited but not paid out).