评论
打印
Imagine you get an email from Netflix saying your account is suspended.
想象一下,您收到了一封来自Netflix的电子邮件,说您的帐户已被暂停。
It looks official, it even uses your name.
邮件甚至用了你的名字,看起来还挺正式。
But this email is not real.
但这封电子邮件并不是真实的。
It's a personalized, targeted hacking attempt, called "spear phishing,"
这是一种个人化的并且有针对性的黑客攻击手段,也就是所谓的“鱼叉式网络钓鱼”。
and it's getting harder and harder to tell a real email from a dangerous one.
而且,危险的电子邮件和真实的电子邮件已经越来越难区分了。
Cyber criminals aren't just targeting random individuals for credit card info.
网络罪犯已经不止会随机套取用户的信用卡信息了。
CEOs and big companies like Sony, Facebook and Google have all been duped.
连许多总裁以及索尼、Facebook和谷歌之类的大企业都被上当了。
And of course...
当然了,还有...
The Russian government hackers penetrated the computer network of the Democratic National Committee.
俄罗斯政府的黑客入侵了民主党全国委员会的计算机网络。
Wikileaks just recently published a bunch of these emails.
维基解密最近刚发布了一堆这样的电子邮件。
And all it took was one phishing email.
而这一切都源于一封钓鱼邮件。
It was a pretty standard spear phishing attack.
那其实是非常标准的一次鱼叉式网络钓鱼攻击操作。
An employee at the Democratic Congressional Campaign Committee, known as the D-triple-C,
民主党国会竞选委员会,即D3C的一名员工,
got an email that looked like a Google Security alert, asking her to log-in and change her password.
收到一封类似谷歌安全警报的电子邮件,要求她登录并更改密码。
It looked legitimate, and that was the point.
邮件看起来非常合理,问题就出在这里。
It was actually sent by Russian hackers.
但邮件实际上是俄罗斯黑客发的。
They installed malware that took screenshots of what she was doing.
随后他们给她的电脑安装了能够对她操作过程进行截屏的恶意软件。
And they tracked every key she typed.
获取了她输入的每一个密码。
Once she went logged in to the DCCC's network, the Russians could, too.
她一登录D3C的网络,俄罗斯人也就可以了。
From there, they had access to all sorts of documents: opposition research, field operation plans, bank accounts.
这样以来,他们就获取了她的所有资料:反对派研究,宣传计划,银行账户等等等等。
They even installed malware into at least nine other computers.
此外,他们至少还给其他9台电脑安装了恶意软件。
One of those computers belonged to an employee who also had access to the Democratic National Committee.
其中一台计算机属于另外一名可以进入民主党全国委员会网络的员工。
Using the same methods as before, the Russians were able to log in to the DNC network.
俄罗斯人故技重施,又获得了DNC网络的登录权限。
Once inside, they stole thousands of emails later released during the convention.
进入内网之后,他们窃取了数千封电子邮件,而这些邮件都是要在之后的大会上公布的。
Debbie Wasserman-Schultz has announced she will resign as head of the Democratic National Committee.
黛比·瓦瑟曼 - 舒尔茨宣布,她将辞去民主党全国委员会主席的职务。
It comes after those leaked DNC emails.
这已经是DNC电子邮件泄露之后发生的事情。
All because of that one phishing email.
所有这些都是因为一封网络钓鱼邮件。
The Russians also sent phishing emails to 76 people within the Clinton campaign, including campaign chairman John Podesta.
俄罗斯人曾经还给76位参与筹划希拉里·克林顿竞选的工作人员发送过钓鱼邮件,其中还包括竞选主席约翰·波德斯塔。
This was the actual email he received — a Google security notice telling him to click the link to change his password.
这就是他收到的那封电子邮件 - 谷歌安全通知让他点击链接更改密码。
His chief of staff thought the email seemed fishy so she flagged it to the campaign's IT staff.
他的幕僚长觉得这封电子邮件看起来很可疑,就把它发给了活动的技术人员。
An IT staffer agreed it was suspect, and instructed Podesta to change his password immediately.
一名IT员工认同了她的看法,让波德斯塔立即更改他的账户密码。
But in his haste, he wrote "legitimate" when he meant to say "illegitimate" The rest is history.
然而,匆忙之下,他把“非法的”写成了“合法的”。剩下的大家已经知道了。
The ongoing dump of hacked emails from the account of Clinton campaign manager John Podesta.
希拉里·克林顿竞选主席约翰·波德斯塔账户被黑客窃取电子邮件一事仍在继续。
Every day a new batch, and the Clinton campaign knows this could be a problem for them every day until election day.
每天都有一批邮件被窃取,克林顿竞选活动方也知道,这个问题可能会一直持续到竞选开始。
So how do you prevent this from happening to you?
那大家要怎么防范这种事情发生在自己身上呢?
Well first, take Clinton's IT guy's advice.
首先呢,大家要采纳克林顿技术人员的建议。
Set-up two-factor authentication on everything you can.
尽可能设置双重身份验证。
But even that's not a guaranteed safeguard.
但这么做并不能保证万无一失。
If you get an unexpected email, examine the url closely.
如果您收到了陌生邮件,请仔细查看网址。
And just in case, don't click the link in the email and go to directly to the website instead.
为了以防万一,请不要点击电子邮件中的链接,改为直接访问网站。
But you're actually more likely to see that phishing link on your phone.
另外,相比电脑,手机更容易收到这种网络钓鱼链接。
Not just in an email but in a text or messaging app, too.
而且,不仅仅是电子邮件中可能夹杂这种链接,文本或者聊天软件中也可能收到。
56% of people click on mobile phishing links.
有56%的用户都点击了移动端的网络钓鱼链接。
Ultimately, if you think something looks fishy, don't take the bait.
最后,如果你觉得某条信息看起来很可疑,那就不要上钩。
