网络电子邮件钓鱼陷阱需警惕

音频下载[点击右键另存为]
It's probably a good time to change your email password, because the largest phishing scam in two years has hit more than 30,000 email accounts worldwide. Some of the accounts compromised include Gmail, Yahoo, and AOL accounts as well as EarthLink and Comcast email addresses. Microsoft email addresses ending in / hotmail.com, live.com, and msn.com have also been hacked. Now phishing is when you're tricked into providing your email and password information to people posing as legitimate companies you already do business with, maybe even a fake message appearing to be from a social network, or the criminals then use that information to log on to your email and use it as a base to send out a massive amount of spam. And this scam actually came to light when the lists of hacked accounts were posted online. Rik Ferguson with Trend Micro is an expert who follows these incidents closely.
I was checking the process before I spoke to you. If I went to the underground market to buy some accounts, like I can pick up 1,000 hotmail accounts' user name and password for ten bucks. And if I was after Yahoo accounts, I could get those for eight dollars per thousand. So, yeah, it's an everyday activity and it's a thriving black market. The motivation behind getting hold of legitimate email accounts rather than registering their own fake accounts is all of those email accounts will have associated address books, contact books. And those emails are more likely to reach their recipients, and not be automatically filtered out than the ones that are generated by fake accounts.
Google has made this statement: We recently became aware of the phishing scheme through which hackers gained user credentials for web-based Gmail accounts. As soon as we learned of the attacks, we forced password resets on all the affected accounts. We recognize how many people depend on Gmail and strive to make it as secure as possible.
Microsoft has launched an investigation into the attack. But in the meantime, experts say the best way to protect yourself is to change your password now and do it frequently.
At cnn Center, I'm Errol Barnett.

Glossary:

phishing: In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

pose as: to pretend to be someone else, in order to deceive people

user credentials: Information that a user provides to prove his or her identity. In basic authentication, the user credentials are simply a username and password.