Fraud Tactics

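Stay up to date with the latest FTC Scam Alerts.

Different fraud tactics all share a common goal: to obtain your personal, confidential and financial information for fraudulent use.

From obtaining your information the "old-fashioned way" through discarded mail, to emails that ask you to verify personal information under the guise of a trusted source, like your financial institution, fraudulent activity comes in many different forms.

Fraud tactics include: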

Adware

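Software that displays advertising content on your computer. Like its cousin spyware, some adware runs with your full knowledge and consent, and some does not. More often an annoyance than a security risk, adware may also monitor browsing activities and relay that information to someone else over the Internet.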

Bot or Web Bot

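From "robot." An automated program, such as a Web crawler, that performs or simulates human actions on the Internet. Used for legitimate purposes by search engines, instant messaging (IM) programs, and other Internet services. Web bots can also be used to take control of computers, launch attacks, and compromise data; may act as part of a blended threat.

Botnet or Zombie Armies

A group of computers that have been compromised and brought under the control of an individual. The individual uses malware installed on the compromised computers to launch denial-of-service attacks, send spam, or carry out other malicious acts.

Denial-of-Service (DoS)

An attack on a computer or network in which bandwidth is flooded or resources are overloaded to the point where the computer or network's services are unavailable to clients. Can also be carried out by malicious code that simply shuts down resources.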

Dumpster Diving

Thieves rummage through trash looking for bills or other paper that includes your personal information.

Jury Duty Scam

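Consumers should be wary of an identity theft scheme known as the "Jury Duty Scam." In this scam, the scammer telephones their victim posing as a local court official who claims the victim has failed to report for jury duty, and as a result, a warrant has been issued for his or her arrest. The victim will rightfully claim that they never received any jury duty notification. To "clear things up," the scammer then asks for confidential information (i.e., Social Security number, date of birth) or payment information (i.e., credit card number, bank account details) for the charge.

This is a scam. Consumers are urged not to provide any personal information over the phone. These scam artists are attempting to commit identity theft by appealing to the victim's sense of social conscience and fear of prosecution.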

Keylogging

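Keyloggers monitor what is typed on the keyboard, as well as the resulting mouse movements or clicks. Keyloggers come in both hardware and software versions. A fraudster can go through the logs looking for account credentials and answers to challenge questions. Sophisticated software keyloggers can also capture what is displayed on the screen.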

Malware

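Short for malicious software: software that accesses a computer without the user's knowledge or permission. Malware may be used to gather or destroy information.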

Man-in-the-Browser (MitB)

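Man-in-the-Browser (MitB) attacks move the proxy function of a Man-in-the-Middle (MitM) attack from an external application into an extension of the browser itself. In essence, MitB is a sophisticated variant of MitM.

In a MitB attack, the fraudster can still see all data sent or received. The fraudster can still harvest logins, passwords and challenge-question information. Additionally, the fraudster can use the already authenticated session to navigate the site independently, adding new payees or initiating funds transfers, without any of that activity appearing on the browser screen.

For sites that use multi-factor authentication, MitB can lie dormant until the user initiates an action of interest to the fraudster, such as adding a new payee. When the new payee is added, MitB can modify the data sent to the bank site while still displaying what the user entered back on the browser screen.

For example, the user adds account #12345 as a new payee. MitB changes what is sent to the bank site to account #31254. The user is prompted to enter a one-time password (OTP). The user receives the OTP by text message. The user enters the OTP in the browser to verify the added payee. The confirmation page on the user's screen shows that payee #12345 was entered successfully, while the bank application actually has a new payee #31254.

Man-in-the-Middle (MitM)

In a Man-in-the-Middle (MitM) attack, the user believes they are interacting directly with a genuine bank site, when in fact a proxy function is intercepting, manipulating, and forwarding the data between the user's browser and the real bank site.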

Pharming

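Pharming takes place when you type in a valid Web address and you are illegally redirected to a Web site that is not legitimate. These "fake" Web sites ask for personal information such as credit card numbers, bank account information, Social Security numbers and other sensitive information.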

Phishing

A scam that involves the use of replicas of existing Web pages to try to deceive you into entering personal, financial or password data. Suspects often use urgency or scare tactics, such as threatening to close accounts.

Pop-Ups

A form of Web advertising that appears as a "pop-up" on a computer screen. Pop-ups are intended to increase Web traffic or capture email addresses. However, sometimes pop-up ads are designed with malicious intent, such as when they appear as a request for personal information from a financial institution.

RetroVirus

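This virus specifically targets your computer's defenses. It will look for vulnerabilities within your computer operating system or any third party security software. Most security vendors have some form of tamper-proofing in place, so keeping your patches up to date is important. Retroviruses are usually combined with another form of attack.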

Rootkits

Allows someone to secretly obtain privileged (e.g. “administrator” or “root”) access to a computer by way of a hidden program that is installed on a victim’s computer.

Skimming

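Skimming devices are placed on ATMs, merchant registers or unattended terminals such as gas pumps, and are used to "skim" the data on your card during a legitimate transaction. Thieves can then use your card information to make fraudulent purchases or withdrawals.

Keep a close eye on the ATM you are using. Look for loose panels and readers, or a mismatched appearance on the ATM itself. Whenever possible, use ATMs at well-known institutions, which are more likely to be inspected regularly.

When making purchases, be aware if the clerk takes your card out of your sight when there is no need. Experts say organized crime rings are now planting skimming devices and enlisting the help of the cashier, who usually makes a little money for it. Obviously certain types of businesses, such as restaurants, cannot always conduct the transaction in front of you. Just stay as vigilant as possible and keep a close eye on your account activity.

Social Engineering

Obtaining information by tricking someone into releasing it. Dating websites are frequently used by fraudsters to gain trust and obtain personal information and even log-in credentials.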

Spam

Unsolicited email, usually sent in bulk to a large number of random accounts; often contains ads for products or services. Also used in phishing scams and other online fraud. Can be minimized by using email filtering software.

Spim or Instant Spam

Unsolicited instant messages, usually sent in bulk to a large number of IM accounts; often contain marketing materials and links to product Web pages. May also be used in phishing scams or to spread malware. See also, spam.

Spoofing

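Spoofing is when an attacker masquerades as someone else by providing false data. Phishing has become the most common form of Web page spoofing. Another form of spoofing is URL spoofing. This happens when an attacker exploits bugs in your Web browser in order to display incorrect URLs in your browser location bar. Another form of spoofing is known as "man-in-the-middle." This occurs when an attacker compromises the communication between you and another party on the Internet. Many firewalls can be updated or configured to significantly prevent this type of attack.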

Spyware

A program that self-installs on a computer and covertly gathers information about a person’s Internet use, passwords, etc.

Trojan horse

A program that appears to be a useful file from a legitimate source but tricks the victim into opening it to steal information or harm the system.

Virus

A program that can replicate itself and spread from one computer to another by attaching itself to an existing program. 

Vishing

Vishing is a type of phishing attack where the attacker uses a local phone number in the fake email as a means of obtaining your sensitive information. The goal is to fool you into believing the email is legitimate by instructing you that responding to the request by phone is safer than responding by email and shows authenticity. The unsuspecting caller is then tricked through an automated phone system to relinquish their sensitive information.

Worm

A self-replicating program that uses a computer network to send copies of itself to other computers on the network and does so without any user intervention.

Zero Day Attack

When a Trojan finds its way onto computers and into the browser by exploiting software vulnerabilities before the vendor has had a chance to create a workaround.