
How to Protect Yourself from Phishing Attacks

Phishing is the leading cause of account takeover. How modern phishing works, the warning signs, and the defenses that actually stop it.

Last updated: April 14, 2026

Summary

  • Phishing is the leading cause of account takeover — attackers trick you into entering your credentials on a site that appears to be legitimate.
  • Modern phishing kits clone login pages precisely and relay your 2FA codes in real time.
  • Hardware security keys (YubiKey, FIDO2) are the only defense that is phishing-resistant by design.
  • Password managers protect you by refusing to autofill on a spoofed domain.
  • Check the exact domain before typing credentials, and don't log in through a link that simply arrived in an email.

What is phishing?

Phishing is a social engineering attack in which an attacker creates a convincing copy of a legitimate website — often an exact lookalike — and tricks a person into entering their credentials there. When the person submits the form, the attacker captures the username, password, and any second factor, then uses them to take over the real account within minutes.

The name comes from the metaphor of "fishing" for victims with bait (usually an email). The spelling shifted to emphasize that attackers often use phone numbers (SMS phishing, or "smishing") and computer-based deception.

Why phishing is still the leading cause

Most account compromises today don't involve breaking into a computer, cracking passwords, or bypassing encryption. They involve a person typing a password into a fake site. Phishing is:

  • Cheap — an attacker can send millions of emails for the cost of a VPS and a domain that imitates someone else's name
  • Hard to filter — modern kits rotate domains, use legitimate hosting, and adapt to filters in real time
  • Effective — even trained users fail against carefully crafted targeted attempts (spear phishing)
  • Compounding — a single successful phish often gives access to many connected services through password reuse

The 2024 Verizon Data Breach Investigations Report found that phishing was the initial access vector in more than 36% of all breaches — more than any other single vector.

How modern phishing works

Phishing has come a long way since the "Nigerian prince" emails of the 2000s. A modern phishing attack typically involves:

1. A convincing lure

Usually an email, text message, or chat message that creates urgency ("Your account will be suspended"), authority ("Microsoft Security Team"), or curiosity ("Someone tagged you in a photo"). Spear phishing goes further with personal details scraped from LinkedIn, breach dumps, or previous correspondence.

2. A pixel-perfect fake site

Attackers use widely shared phishing kits that clone the HTML, CSS, and JavaScript of the target site. Many kits are sold as a service (phishing-as-a-service), with working dashboards and customer support.

3. A real-time 2FA proxy

The dangerous part: modern kits don't just capture your password. They act as a man-in-the-middle proxy that relays everything you type — including your TOTP code — to the real site within moments, bypassing most 2FA. This technique is called adversary-in-the-middle (AiTM) and is used in tools such as Evilginx2 and Modlishka.

4. Session token theft

When you authenticate through the proxy, the attacker captures your session cookie and can use it to log in even if you change your password. That is why a phishing response includes revoking active sessions, not just rotating the password.

What actually stops phishing

Hardware security keys (FIDO2 / WebAuthn)

This is the only category of defense that is phishing-resistant by design. When you log in with a FIDO2 key, the key cryptographically verifies the exact domain of the site requesting authentication. A fake site — no matter how good it looks — has a different domain, so the key refuses to respond. The cryptographic handshake simply never completes.

Google rolled out YubiKeys to all of its more than 85,000 employees in 2017 and reported no successful phishing attacks on company accounts in the years that followed.

Passkeys

Passkeys are a separate variant built on the FIDO2 standard. They use domain-bound cryptography and are built into iOS, Android, macOS, and Windows. If a site you use supports passkeys, enabling one makes that account phishing-resistant.
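
The domain binding described above for hardware keys and passkeys, seen from the server side, as an added example that is not code from this page or from any product it names. It assumes a site at example.com, a constructed assertion in place of real browser output, and that the signature over authenticatorData and the hash of clientDataJSON is verified separately.

```python
import hashlib
import hmac
import json

RP_ID = "example.com"                    # assumption: the real site's relying-party ID
EXPECTED_ORIGIN = "https://example.com"  # assumption: the real site's origin


def sample_assertion(page_origin: str, rp_id: str, challenge: str):
    """Constructed stand-in for what a browser and authenticator return."""
    client_data_json = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": page_origin}
    ).encode()
    # authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4)
    flags = bytes([0x01 | 0x04])  # user present + user verified
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + (7).to_bytes(4, "big")
    return client_data_json, auth_data


def failed_checks(client_data_json: bytes, auth_data: bytes, challenge: str) -> list:
    """Relying-party checks that bind an assertion to the real domain."""
    failed = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        failed.append("type")
    if client_data.get("challenge") != challenge:
        failed.append("challenge")
    # The browser, not the page, writes the origin the user is actually on.
    if client_data.get("origin") != EXPECTED_ORIGIN:
        failed.append("origin")
    if len(auth_data) < 37:
        return failed + ["authenticatorData length"]
    # The authenticator hashes the RP ID the credential was exercised for.
    expected_hash = hashlib.sha256(RP_ID.encode()).digest()
    if not hmac.compare_digest(auth_data[:32], expected_hash):
        failed.append("rpIdHash")
    if not auth_data[32] & 0x01:
        failed.append("user presence")
    return failed


if __name__ == "__main__":
    real = sample_assertion("https://example.com", "example.com", "c-123")
    fake = sample_assertion("https://example.com.secure-login.test",
                            "example.com.secure-login.test", "c-123")
    print("real site :", failed_checks(*real, "c-123"))
    print("proxy site:", failed_checks(*fake, "c-123"))
```

Because the origin and RP ID hash are written by the browser and the key and are covered by the signature, a proxy that relays the response cannot rewrite them to match the real site.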

Password managers

A password manager is your second line of defense because it fills credentials only on the exact domain where they were saved. If you land on paypaI.com (capital I) instead of paypal.com, your manager silently refuses to fill the form. That refusal is a major warning that something is wrong.

Email and DNS filtering

Email providers use DMARC, SPF, and DKIM to check for spoofed sender addresses. Most modern providers catch the obvious attempts, but targeted attacks still get through. Use the "report phishing" button in your email client to help improve the filters.

Warning signs to watch for

When you receive a message asking you to log in, verify something, or act quickly:

  • Urgency and threats — "Your account will be closed in 24 hours"
  • Generic greeting — "Dear account holder" instead of your name
  • Lookalike domains — paypaI.com, app1e.com, secure-microsoft-login.net
  • Unexpected attachments — especially .zip, .html, or .pdf files that ask you to log in to view them
  • Grammar or formatting errors — large companies proofread their emails
  • Link mismatch — hover over the link and check whether the destination matches the text

If anything feels off, close the email. Go to the site yourself. If there is a real problem, you will see it when you log in the usual way.

What to do if you fell for it

Act fast — time matters because attackers start using credentials within minutes.

  1. Change the password immediately from a different device (your phone, for example, if you were phished on your computer)
  2. Revoke all active sessions in the account settings — this kicks out anyone using stolen session tokens
  3. Enable 2FA if it was not already on, and use a hardware key or passkey if possible
  4. Check for unauthorized activity — sent emails, recent logins, payment changes, new forwarding rules
  5. Notify the affected organization if it is a financial institution or a work account
  6. Check other accounts that use the same password — even if you are sure you don't reuse passwords, check

Conclusion

Phishing succeeds because it bypasses technology and targets people. The best defenses combine three layers: password managers (which refuse to fill on the wrong domains), phishing-resistant 2FA (hardware keys or passkeys bound to the real domain), and healthy awareness (don't log in through a link from an email).

Enable all three on your most important account — your email — first. From there, the rest of your digital life becomes noticeably safer.

How to Protect Yourself from Phishing Attacks

A structured checklist for hardening your accounts against phishing attacks.

  1. Use a password manager: Install a trusted password manager (1Password, Bitwarden, Proton Pass) and let it autofill your credentials. It autofills only on matching domains, which gives you a built-in phishing detector.
  2. Enable phishing-resistant 2FA: Add a FIDO2 hardware key (YubiKey, Google Titan) or a passkey to your most important accounts — start with email, then banking, cloud storage, and your password manager. These are the only 2FA methods that actually stop modern phishing.
  3. Don't log in through a link from an email: If you receive an email asking you to log in, close the email and go to the site yourself using a bookmark or by typing the URL. The link in the email may be a perfect copy; the bookmark in your browser is not.
  4. Check the exact domain before typing: Before entering any password, look at the full URL in the address bar. Look for https, correct spelling, and unexpected subdomains such as paypal.com.secure-login.net.
  5. Report and move on: Report the phishing attempt to your email provider (most have a "Report phishing" button). Then get on with your day — phishing is only dangerous if you fall for it, and awareness is a big part of the battle.
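
The domain check behind the password-manager refusal, the lookalike-domain warning sign, and step 4 above, as an added example that is not code from this page or from any password manager it names. The saved-domain list, the small confusables map, and the rule that a saved domain also covers its subdomains are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed vault: domains with a saved login (assumption for this example).
SAVED_DOMAINS = {"paypal.com", "apple.com", "microsoft.com"}

# Tiny illustrative confusables map, applied to both sides of a comparison.
# Real tools use the full Unicode confusables data.
_CONFUSABLE = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o"})


def host_of(url: str) -> str:
    """Lower-cased hostname without userinfo or port ('' if there is none)."""
    return (urlsplit(url).hostname or "").rstrip(".")


def belongs_to(host: str, domain: str) -> bool:
    """True when host is the saved domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def should_autofill(url: str) -> bool:
    """Fill only over HTTPS and only on a domain that holds a saved login."""
    host = host_of(url)
    return urlsplit(url).scheme == "https" and any(
        belongs_to(host, d) for d in SAVED_DOMAINS)


def classify(url: str) -> str:
    """Explain why a host does or does not match a saved domain."""
    host = host_of(url)
    if any(belongs_to(host, d) for d in SAVED_DOMAINS):
        return "saved"
    for domain in sorted(SAVED_DOMAINS):
        brand = domain.split(".")[0]
        if host.translate(_CONFUSABLE) == domain.translate(_CONFUSABLE):
            return f"lookalike of {domain}"
        if brand in re.split(r"[.-]", host):
            return f"embeds {brand}"
    return "unknown"


if __name__ == "__main__":
    for url in ("https://www.paypal.com/signin", "https://paypaI.com/signin",
                "https://app1e.com/id", "https://secure-microsoft-login.net/",
                "https://paypal.com.secure-login.net/signin"):
        print(f"{classify(url):24} autofill={should_autofill(url)}  {url}")
```

The comparison runs on the parsed hostname rather than on the link text, which is why a capital I in an email link is caught even though the address bar would show it in lower case.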

Frequently Asked Questions