如何防止駭客入侵你的通訊軟體騙走你的金錢
How to prevent a cracker from hacking into your communication software to steal your money?

小編服務的歐漾淨水品牌公司在去年發生了德國客戶被駭客入侵,造成了對方金錢被騙損失以及我們雙方後續處理成本的事情;
One of our German clients was hacked last year. It caused they lost a sum of money and the cost of both of us dealing with the follow-up.

哪知道今年九月底,又有一位香港客戶被駭了65,000多美元,讓我心裡頗為難受,心想是不是我們的防備工作不夠好,
Surprisingly, at the end of September this year, one of our Hong Kong clients was also hacked and lost US$65,000. These things make me fed very depressed and wonder if our precautions were not good enough.

讓香港客戶蒙受損失?特地打電話到香港去關心客戶,還好香港客戶相當理解,說明是他們自己本身的疏忽。
I specially called to our Hong Kong customer to express our concern and also thank them for their understanding. They even said it was their own carelessness.

所以我再將這篇文章稍作修改與補強,讓各位能夠將以防備。
Therefore, in order to let you can prevent it, I decided to revise this article and add some new things in it.

一)駭客的一貫做法是:
Crackers do it all the time.

通常用釣魚信,傳email到你的信箱,引誘你打開他的附加檔,再趁機進入你的email,串改你的信件再用你的名字與你的客戶聯絡。
They usually sent a phishing email to your account. When you open its attached file, they hack into your account and alter your email. Then, they use your name to contact with your clients.

我們的第一位德國客戶被害的經過是這樣:
The experience of our German client was as below

駭客首先去註冊了一個網址,跟我們的官網網址相當的相似,讓我們沒有戒心:
The cracker registered a web address in advance. It was pretty similar to our official website. That’s why our German client fell into the trap.

歐漾網址:easywellwater.com
Our official website addresseasywellwater.com

駭客新註冊:esaywellwater.com
The cracker’s web addressesaywellwater.com

另外駭客還申請了幾乎與我們客人一模一樣的email address,當他取得任一方的密碼以後,就用假的客人email來跟我們連絡,又用與我們相似的email去跟我們客戶對話,等到我們要通知客人匯款時,駭客逮到了機會,告訴我們的客戶他要更換銀行帳戶,把錢匯到他指定的銀行,我們客人不疑有他,這樣平白無故損失了一大筆錢。
Besides, the cracker even registered an email address which was almost the same as our client’s. After he had gotten the password from one of us, he used the fake email address to contact our company. After that, he communicated with our client via the fake email which was also similar to ours. When we asked our client to remit money, the cracker would told him that he need to change the bank account and remit money to the bank he appointed. By following the cracker’s instructions, our German client lost a large sum of money.

更高招的是,當我們用駭客的email來信時(以為這郵件來自我們客戶),按回覆時,郵件會自動變成歹徒的email address.
The magical trick they are playing is when you reply the mail from the hackers (pretending to be our customers' e-mail address), it will automatically convert to the hackers' e-mail address when you press "REPLY"!

香港客戶被駭的經過是這樣, 駭客進入了香港客戶的採購email,駭客將我們傳給香港客戶的proforma invoice,P/I裡面修改了駭客的匯款銀行及帳號,再將這張偽造的P/I傳給香港客戶,要香港客戶匯款到他偽造的帳戶。
The experience of our Hong Kong client was as follow
The cracker hacked into the email of their purchasing department, and modified the remitting bank and account on the proforma invoice which we sent to them. Then, the cracker sent the fake P/I to our Hong Kong client again, and requested them to direct money to his account.

當你發現有下列事情時,請務必避免, 以免誤入駭客的圈套。
Be careful with these following situations to avoid falling into the cracker’s trap.

) 不要回覆這些郵件
First, do not reply these emails.

1 沒有收件人名字的郵件
1. An email without the recipient’s name.

2 用很像快遞公司的名稱寄郵件給你。
2. The sender’s name looks like a courier company.

3 自己取了一個銀行的名字,說是他那邊有一筆錢要匯給你。
3. Someone who uses bank’s name and says that there is a sum of money to be remitted to you.

4 莫名其妙要你報價,也沒有說是要你報價哪一個項目,更沒有提到你的公司名稱或你個人名字。
4. Someone asks you to provide quotation without a reason, and he doesn’t mention anything about you, your product or your company’s name.

5 對方的郵件裡面沒有他的官方網站,或他的郵件地址是用免費地址。
5. His company’s official website address was not shown in the email or he uses a free email address.

6 直接問你有沒有庫存,他馬上要下訂單。
6. Someone told you that he would place the order right away if you had any stocks.

7 歹徒的一慣伎倆,都會有一個附加檔在email裡面,要你打開,請勿打開附加檔。
7. If the email is sent by a cracker, it usually has an attached file. Please do not open it.

二)如何避免被入侵
Second, how to avoid being hacked?

2.1 使用在網路的所有通訊軟體進入密碼要越複雜越好,: emailFBLINE(不容易被我駭客破解密網)
2.1 Taking communication software for example, such as LINE, Facebook and Email, the more complex the password, the better and more secure that password is.

2.2 回覆email,不可以從客戶的來信直接按「回覆」鍵,需另外開一個新email,或用forward方式回覆,或在客人的郵件上面複製他的email address,再貼在要回覆的郵件上。
2.2 When you want to reply to an email, do not press the “reply” button straightly. You have to compose an new email, or use the way of forwarding. You can also copy client’s email address to another email you want to send to him.

2.3 時常檢視對方的email address是否與我們的很相似。
2.3 It is important to check if the sender’s email address is similar to ours.

2.4 常常檢視客戶的email address是否有異狀。
2.4 Check the client’s email address regularly for anomalies.

2.5 仔細留意對方郵箱地址:假冒或使用與其他知名網站相似的郵箱地址。
2.5 Watch out for sender’s email address to make sure it is not fake or similar to those well-known websites’.

2.6 每個月或每一季,更改你的email進入密碼。
2.6 Change your email password monthly or quarterly.

) 最好的辦法是:
Third, the best way.

3.1 在貴公司要發出的每一封email信件下面告知客戶,並打上: 「注意:本公司匯款帳號不會隨意更改,請匯款前再次電話確認」除了通知客戶自己小心外,也讓駭客歹徒知難而退。
3.1 Our company bank account will not change at will. Please confirm by telephone again before remittance. You can put in these words in each email you send to clients. On the one hand, it can remind clients to be careful; on the other hand, it can make cracker get his purpose hard.

3.2  在你公司的Outlook的系統加裝一個垃圾郵件攔截軟體,中華電信提供一種叫「SPAM」,多少可以幫你過濾掉一些垃圾郵件。
3.2 You can add a spam blocker to the Microsoft Outlook system. Besides, Chunghwa Telecom provides a service which is called “SPAM”. It can help people filter some spam more or less.

3.3 如果真的要客人變更匯款銀行帳號,除了email通知客戶以外,務必再親自打電話去告知(或再用傳真告知)
3.3 If your company really wants to change the account of remitting bank, you have to notify the client by email and call them in person or fax.

3.4 定期告知所有客戶,當有人通知他要變更匯款銀行帳號時,請他務必要再打電話回來與我們確認。
3.4 You can inform your client periodically that if someone asks them to change the remitting bank account, please call back to confirm.

) 先具備能夠判斷哪些是email的陷阱的知識
Forth, learn how to judge if an email is a scam.

) MIS部門注意事項
Fifth, the matters needing attention for MIS department.

1 防毒軟體是否過期,並每月抽查電腦是否被植入木馬程式。
1. Check the anti-virus isn’t expired, and inspect the company computers monthly to make sure they didn’t get infected by Trojan Horse.

2 每月抽查工作伙伴的信箱,是否用forward回覆郵件.
2. Randomly inspect employee’s mailbox every month to ensure that they use the way of forwarding to reply emails.

3 定期稽查業務、財務、採購單位是否更改email進入密碼。
3. Inspecting the sales department, the finance department and the procurement department have changed their email password periodically.

六)財務部注意事項
Sixth, the matters needing attention for Finance Department.

1 如果採購單位要財務匯款,但賣方的銀行匯款帳號與前次不同,務必請採購親自打電話去確認,並要對方提供書面銀行帳號變更通知,並加蓋大小印章或簽名。請財務再確認,客戶確認書面的可靠性,例:信紙的信頭是否與前一樣…
If the purchasing department wants to remit money, only to find the seller’s bank account is different from last time, please ask them to call to confirm. Besides, they should request the seller to provide the written notice of bank account change and stamp or sign on it. Last, the finance department should reconfirm the papers are reliable. For example, is the letterhead the same as before?

七)採購部門
Seventh, the matters needing attention for Purchasing Department.

1 注意不要被駭客入侵你的email或其他與客戶連絡的通訊軟體。
1. Don’t let cracker hack in to your email account or other communication software which you contact with clients.

2 協力廠要我們匯款,注意銀行與帳號是否與以前不同,一定要做到無失誤,否則被駭客欺騙,損失的是我們。
2. If the subcontractor asks you to remit money, please confirm the bank account is the same as before. If you were deceived, the company would lose money.

) 如何防犯遭勒索病毒入侵
Last, what can we do when we get hacked by ransomware?

我們公司不幸的也遭勒索病毒軟體入侵。有天公司副總發現她的桌機銀幕的文字檔一直而且快訴的一一的變黑,然後一一消失。還好公司IT主管知道這是遭勒索軟體病毒侵襲,我們馬上拔掉桌機的電源,雖然損失了一部電腦,但還好沒有釀成大禍,不然等到整個ERP系統遭勒索病毒感染併而造成報銷,再接到勒索軟體駭客的金錢勒索,事情就大了。
Unfortunately, our company also got hacked by ransomware. One day, our deputy general manager found that the text on her computer screen was rapidly darkening and disappearing. Our head of IT department recognized it as ransomware and unplugged the computer right away. Although we lost a computer, we luckily keep the loss to the minimum. If we hadn’t dealt with it immediately, the entire ERP system would have been crashed by ransomware, and the cracker would demand ransom. We would lose more money.

下列幾項簡單步驟可以防犯、處理勒索病毒的入侵:
Here are some simple ways that people can prevent or handle ransomware.

在每台個人桌機加裝防毒軟體,並且每年更新防毒軟體。
Install antivirus software on each computer and update it every year.

不要隨意地去打開釣魚信件。
Do not open the phishing emails.

在你公司的Outlook的系統加裝一個垃圾郵件攔截軟體,中華電信提供一種叫「SPAM」,將釣魚信件列入黑名單。
Add a spam blocker to the Microsoft Outlook system. In addition, Chunghwa Telecom provides a service which is called “SPAM”. It can blacklist phishing emails.

遇到桌機畫面有異常,馬上拔掉該桌機的電源。
If the computer screen displays weird, please unplug it right away.

養成每天或每週備份ERP、官網…內部資料,如果遭遇勒索軟體時, 可以重新將備份資料取出重灌。
Back up the internal data weekly or daily to ensure that if you get hacked by ransomware, you can re-install them.

arrow
arrow

    飲啖薄 發表在 痞客邦 留言(4) 人氣()