Banking on a Genuine Phishing Email銀行對一個真正的網絡釣魚電子郵件

My bank emailed me this week to remind me of how to keep my savings secure online.我的銀行以電子郵件寄給我這週提醒我，如何保持我的儲蓄安全的在線體驗。 The headers looked genuine and it was properly addressed with decent grammar and spelling.標題期待真正的，這是妥善處理與體面的語法和拼寫。 So, at first glance it didn’t seem to be a所以，乍看之下，似乎沒有什麼是一個 phishing attack詐騙攻擊 . 。 But, I figured a bank shouldn’t be emailing me at all unless it’s via its logged in secure website channel, after all anyone snooping on my internet connection will now know I have a bank account.不過，我想通銀行不應該通過電子郵件發送我在所有的，除非它的通過其記錄在安全的網站頻道，畢竟任何人窺探我的網際網路連線，將現在知道我有一個銀行帳戶。

Anyway, I called the bank’s press office to offer them some advice about how they should and shouldn’t be contacting us.無論如何，我所謂的銀行的新聞辦公室向他們提供一些意見，有關如何，他們應不應該與我們聯繫。

As I said, other banks use an inline communication system to send messages only once you’re logged into your account.正如我剛才所說，其他銀行使用內置的通信系統傳送訊息，只有當您登錄到您的帳戶。 This ensures that communications to and fro are genuine, encrypted and hopefully secure.這可確保通信和來來往往是否為正版，加密和安全的希望。 There are occasions when a bank may need to contact you via regular email if you have not logged in for a while and it’s an important message they need to get to you.有場合，當銀行可能需要與您聯繫，通過定期的電子郵件如果您還沒有登錄在了一會兒，它的一個重要的訊息，他們需要得到你。 Regardless, my bank’s email, at the very top of the message offered a link that they suggested I click if I was having “difficulty viewing this newsletter”.不管怎樣，我的銀行的電子郵件，在很熱門的訊息，提供了一個鏈接，他們建議我按一下，如果我是“有困難，檢視此時事通訊” 。 Another big no-no.另一個大沒有沒有。 That’sa common ploy in phishing bait-mail. that'sa共同的伎倆，在網絡釣魚誘餌電子郵件。 Needless to say, I clicked nothing.不用說，我點擊無關。 How would a less experienced user know this to be genuine?如何將一經驗不足的用戶知道這是正版的嗎？

Anyway, the email itself was all “In the interest of improved online security for our valued customers, we thought we’d give you some helpful pointers on how to ensure that your online savings are kept secure.” (Oh, there is a grammatical error in there, “in the interest”, should be “interests”, maybe it was a phish, after all, grammar is not a strong point with phishers of men, and women).無論如何，電子郵件本身是所有“ ，在利益的改善，在線安全，為我們尊貴的客戶，我們以為我們很樂意給你一些有用的指針，就如何確保您的在線儲蓄存放安全。 ” （哦，是有語法錯誤在那裡， “在利益” ，應該是“利益” ，也許這是一個誘騙，畢竟，語法是不是一個強大的點與釣魚式攻擊的男子，和婦女） 。 Apparently, this security thing is “scary”!顯然，這個安全性的事是“可怕” ！

But, the scaremongering message then goes on to calm the reader down again: “It’s nothing to lose sleep over, just basic housekeeping really.” They suggest the following, which has to be the most contrived and useless piece of advice regarding password generation:但是，靠嚇訊息，接著就平靜讀者再次說： “這沒有什麼好失去的睡眠，只是基本的家務真的， ”他們提出以下，這已成為最contrived和無用的奉勸關於密碼一代：

When setting your password, make sure it’s something memorable to you, so that you don’t have to write it down. 當您設定的密碼，確保它的一些難忘的你，讓你不用將它寫下來。 Try steering clear of the obvious, like your kids names or pets… anything that is an obvious link to you or your family really. 嘗試督導明確的明顯，像您的孩子或寵物的名字…的事，便是一個明顯的鏈接到您或您的家人真的。

Usually, for a password to be memorable, it’s going to have to be something you can remember like a name or a something similar.通常，一個密碼被難忘的，它的去要的東西您能記住像一個名稱或一類似。 But, making passwords memorable is not what anyone should do.但是，決策的密碼難忘的是沒有什麼人應該做的事。 A password needs to have mixed characters, letters, and numbers, be fairly long and have no personal relevance that might be guessed.一個密碼，需要有混合字符，字母和數字，在相當長的，並沒有個人的相關性可能猜到。 It’s also best if it has no repeating letters, no real words, and passes the general這也是最好的，如果它沒有重複信件，沒有實質的話，通過一般 password strength tests密碼強度測試 . 。 Otherwise, bruteforce or guesswork could allow anyone who gets hold of your username access to your account.否則， bruteforce或猜測可能允許任何人，誰得到的掌握，您的用戶名進入您的帳戶。 Much better is my好得多是我的 passwords for scientists密碼科學家 approach coupled with a service like的做法，再加上服務一樣， Passpack passpack . 。

The final piece of advice in the bank’s thrilling “newsletter” is that “if you do think that someone has been using your password, change it immediately and contact us on this number.最後奉勸在該銀行的驚險“簡報”是“如果你覺得有人一直在使用您的密碼，改變它立即聯繫我們對這個數目。 They cite a phone number.他們舉出一個電話號碼。 Of course, if this were a phish, then who’s to say that it’sa genuine bank call center number.當然，如果這是一個詐騙郵件，那麼誰的說，這是真正的銀行電話中心的號碼。 How would you know for sure that you were speaking to your bank when you called?你會如何確實知道你的發言給您的銀行當您所謂的呢？ You might call the number thinking your password has been compromised, and hand over all sorts of details on request.你可能要求的數目思想，您的密碼已經失密，並交出各種細節的要求。 The only numbers you should ever call to contact your bank are those you can read once you’re genuinely logged into your account or the one found on legitimate printed statements and literature from your bank.唯一的號碼，您應該以往任何時候都呼籲您的銀行聯繫，是那些您可以閱讀一旦您真正登錄到您的帳戶或一發現對合法印刷報表和文學從您的銀行。

Maybe I’m being a little unfair on the bank in question, but I don’t think so, they’ve had many years now to get the security and privacy policies honed and it’s not as if banking fraud is something novel to the online realm.也許我作為一個小的不公平對銀行的問題，但我不這麼認為，他們已經多年，現在得到的安全和隱私政策磨練和它的不作為，如果銀行詐騙是小說線上的境界。 This kind of email from a bank really is inexcusable.這種電子郵件從一間銀行，實在是不可原諒的。 The only redeeming feature is a not at the foot of the email that does offer some useful advice to the gullible, read it or weep (we’ll ignore the shoddy grammar):唯一挽救的功能是不是在腳下的電子郵件，並提供一些有用的意見，向輕信，閱讀或流淚（我們會忽視偽劣語法） ：

It is also important to remind you that we will never email you asking you for your account number or log on details, so if you do receive an email claiming to do so from us, please contact us straight away. 它也是重要的要提醒你，我們絕不會以電子郵件通知您，要求您為您的帳戶號碼或登錄詳細資料，因此，如果您收到一封電子郵件，聲稱這樣做，從我們，請與我們聯繫直線距離。 And make sure that you never respond to any such unsolicited email with PINs, log in details or passwords, no matter who they claim to be from. 並且一定要知道你永遠不回應任何此類不請自來的電子郵件與銷，請登錄細節或密碼，不管是誰，他們聲稱是從。

UPDATE: The更新： Official Google Blog Google官方博客 just posted on the subject of genuine phishing emails as opposed to the kind that come from one’s bank that are actually genuine emails.剛剛張貼關於這一主題的真正的網絡釣魚電子郵件作為反對那種來自一個人的銀行，其實是真正的電子郵件。