Banking on a Genuine Phishing Email银行对一个真正的网络钓鱼电子邮件

My bank emailed me this week to remind me of how to keep my savings secure online.我的银行以电子邮件寄给我这周提醒我，如何保持我的储蓄安全的在线体验。 The headers looked genuine and it was properly addressed with decent grammar and spelling.标题期待真正的，这是妥善处理与体面的语法和拼写。 So, at first glance it didn’t seem to be a所以，乍看之下，似乎没有什么是一个 phishing attack诈骗攻击 . 。 But, I figured a bank shouldn’t be emailing me at all unless it’s via its logged in secure website channel, after all anyone snooping on my internet connection will now know I have a bank account.不过，我想通银行不应该通过电子邮件发送我在所有的，除非它的通过其记录在安全的网站频道，毕竟任何人窥探我的网际网路连线，将现在知道我有一个银行帐户。

Anyway, I called the bank’s press office to offer them some advice about how they should and shouldn’t be contacting us.无论如何，我所谓的银行的新闻办公室向他们提供一些意见，有关如何，他们应不应该与我们联系。

As I said, other banks use an inline communication system to send messages only once you’re logged into your account.正如我刚才所说，其他银行使用内置的通信系统传送讯息，只有当您登录到您的帐户。 This ensures that communications to and fro are genuine, encrypted and hopefully secure.这可确保通信和来来往往是否为正版，加密和安全的希望。 There are occasions when a bank may need to contact you via regular email if you have not logged in for a while and it’s an important message they need to get to you.有场合，当银行可能需要与您联系，通过定期的电子邮件如果您还没有登录在了一会儿，它的一个重要的讯息，他们需要得到你。 Regardless, my bank’s email, at the very top of the message offered a link that they suggested I click if I was having “difficulty viewing this newsletter”.不管怎样，我的银行的电子邮件，在很热门的讯息，提供了一个链接，他们建议我按一下，如果我是“有困难，检视此时事通讯” 。 Another big no-no.另一个大没有没有。 That’sa common ploy in phishing bait-mail. that'sa共同的伎俩，在网络钓鱼诱饵电子邮件。 Needless to say, I clicked nothing.不用说，我点击无关。 How would a less experienced user know this to be genuine?如何将一经验不足的用户知道这是正版的吗？

Anyway, the email itself was all “In the interest of improved online security for our valued customers, we thought we’d give you some helpful pointers on how to ensure that your online savings are kept secure.” (Oh, there is a grammatical error in there, “in the interest”, should be “interests”, maybe it was a phish, after all, grammar is not a strong point with phishers of men, and women).无论如何，电子邮件本身是所有“ ，在利益的改善，在线安全，为我们尊贵的客户，我们以为我们很乐意给你一些有用的指针，就如何确保您的在线储蓄存放安全。 ” （哦，是有语法错误在那里， “在利益” ，应该是“利益” ，也许这是一个诱骗，毕竟，语法是不是一个强大的点与钓鱼式攻击的男子，和妇女） 。 Apparently, this security thing is “scary”!显然，这个安全性的事是“可怕” ！

But, the scaremongering message then goes on to calm the reader down again: “It’s nothing to lose sleep over, just basic housekeeping really.” They suggest the following, which has to be the most contrived and useless piece of advice regarding password generation:但是，靠吓讯息，接着就平静读者再次说： “这没有什么好失去的睡眠，只是基本的家务真的， ”他们提出以下，这已成为最contrived和无用的奉劝关于密码一代：

When setting your password, make sure it’s something memorable to you, so that you don’t have to write it down. 当您设定的密码，确保它的一些难忘的你，让你不用将它写下来。 Try steering clear of the obvious, like your kids names or pets… anything that is an obvious link to you or your family really. 尝试督导明确的明显，像您的孩子或宠物的名字…的事，便是一个明显的链接到您或您的家人真的。

Usually, for a password to be memorable, it’s going to have to be something you can remember like a name or a something similar.通常，一个密码被难忘的，它的去要的东西您能记住像一个名称或一类似。 But, making passwords memorable is not what anyone should do.但是，决策的密码难忘的是没有什么人应该做的事。 A password needs to have mixed characters, letters, and numbers, be fairly long and have no personal relevance that might be guessed.一个密码，需要有混合字符，字母和数字，在相当长的，并没有个人的相关性可能猜到。 It’s also best if it has no repeating letters, no real words, and passes the general这也是最好的，如果它没有重复信件，没有实质的话，通过一般 password strength tests密码强度测试 . 。 Otherwise, bruteforce or guesswork could allow anyone who gets hold of your username access to your account.否则， bruteforce或猜测可能允许任何人，谁得到的掌握，您的用户名进入您的帐户。 Much better is my好得多是我的 passwords for scientists密码科学家 approach coupled with a service like的做法，再加上服务一样， Passpack passpack . 。

The final piece of advice in the bank’s thrilling “newsletter” is that “if you do think that someone has been using your password, change it immediately and contact us on this number.最后奉劝在该银行的惊险“简报”是“如果你觉得有人一直在使用您的密码，改变它立即联系我们对这个数目。 They cite a phone number.他们举出一个电话号码。 Of course, if this were a phish, then who’s to say that it’sa genuine bank call center number.当然，如果这是一个诈骗邮件，那么谁的说，这是真正的银行电话中心的号码。 How would you know for sure that you were speaking to your bank when you called?你会如何确实知道你的发言给您的银行当您所谓的呢？ You might call the number thinking your password has been compromised, and hand over all sorts of details on request.你可能要求的数目思想，您的密码已经失密，并交出各种细节的要求。 The only numbers you should ever call to contact your bank are those you can read once you’re genuinely logged into your account or the one found on legitimate printed statements and literature from your bank.唯一的号码，您应该以往任何时候都呼吁您的银行联系，是那些您可以阅读一旦您真正登录到您的帐户或一发现对合法印刷报表和文学从您的银行。

Maybe I’m being a little unfair on the bank in question, but I don’t think so, they’ve had many years now to get the security and privacy policies honed and it’s not as if banking fraud is something novel to the online realm.也许我作为一个小的不公平对银行的问题，但我不这么认为，他们已经多年，现在得到的安全和隐私政策磨练和它的不作为，如果银行诈骗是小说线上的境界。 This kind of email from a bank really is inexcusable.这种电子邮件从一间银行，实在是不可原谅的。 The only redeeming feature is a not at the foot of the email that does offer some useful advice to the gullible, read it or weep (we’ll ignore the shoddy grammar):唯一挽救的功能是不是在脚下的电子邮件，并提供一些有用的意见，向轻信，阅读或流泪（我们会忽视伪劣语法） ：

It is also important to remind you that we will never email you asking you for your account number or log on details, so if you do receive an email claiming to do so from us, please contact us straight away. 它也是重要的要提醒你，我们绝不会以电子邮件通知您，要求您为您的帐户号码或登录详细资料，因此，如果您收到一封电子邮件，声称这样做，从我们，请与我们联系直线距离。 And make sure that you never respond to any such unsolicited email with PINs, log in details or passwords, no matter who they claim to be from. 并且一定要知道你永远不回应任何此类不请自来的电子邮件与销，请登录细节或密码，不管是谁，他们声称是从。

UPDATE: The更新： Official Google Blog Google官方博客 just posted on the subject of genuine phishing emails as opposed to the kind that come from one’s bank that are actually genuine emails.刚刚张贴关于这一主题的真正的网络钓鱼电子邮件作为反对那种来自一个人的银行，其实是真正的电子邮件。