
How to Protect Yourself from Phishing Attacks

Phishing remains the leading way accounts get stolen. Learn how modern phishing works, the red flags to watch for, and the defenses that actually stop the attack.

2026-04-14

TL;DR

  • Phishing is the leading cause of account takeover: attackers trick you into entering your credentials on a fake site.
  • Modern phishing kits clone login pages perfectly and relay your 2FA codes in real time.
  • Hardware security keys (YubiKey, FIDO2) are the only defense that is phishing-resistant by design.
  • Password managers protect you by refusing to autofill on the wrong domain.
  • Check the exact domain before typing credentials, and never log in by following a link in an email.

What is phishing?

Phishing is a social engineering attack in which an attacker builds a convincing copy of a legitimate website, often pixel-perfect, and tricks the victim into entering credentials there. When the victim submits the form, the attacker captures the username, the password and any second factor, then uses them to take over the real account within seconds.

The name comes from the metaphor of fishing for victims with bait (usually email). The spelling was changed to reflect that attackers often use phone numbers (SMS phishing, or "smishing") and infrastructure that looks professional.

Why phishing is still the number one threat

Most major account breaches today do not involve hacking, password cracking or bypassing encryption. They involve a person typing a password into a fake site. Phishing is:

  • Cheap: an attacker can send millions of emails for the price of a VPS and a fake domain
  • Hard to filter: modern kits rotate domains, use legitimate hosting, and adapt to filters in real time
  • Effective: even security-aware users fall for well-targeted attempts (spear phishing)
  • Scalable: one successful phish often grants access to many connected services through password reuse

The 2024 Verizon Data Breach Investigations Report found that phishing was the initial access vector in over 36% of all breaches, more than any other single cause.

How modern phishing works

Phishing has evolved far beyond the "Nigerian prince" emails of the 2000s. A modern phishing attack usually involves:

1. A convincing lure

Usually an email, text or chat message that creates urgency ("Your account will be suspended"), authority ("the Microsoft security team") or curiosity ("Someone tagged you in a photo"). Spear phishing takes this further with personal details pulled from LinkedIn, breach dumps or earlier correspondence.

2. A pixel-perfect fake site

Attackers use sophisticated phishing kits that clone the target site's HTML, CSS and JavaScript. Many kits are sold as a service (phishing-as-a-service), complete with working dashboards and customer support.

3. A real-time 2FA proxy

The dangerous part: modern kits do not just capture your password. They act as a man-in-the-middle proxy that relays everything you type, including your TOTP code, to the real site within seconds, defeating most forms of 2FA. This technique is called adversary-in-the-middle (AiTM) and is used by kits such as Evilginx2 and Modlishka.

4. Session token theft

Once you have authenticated through the proxy, the attacker captures your session cookie and can use it to stay logged in even after you change your password. That is why the response to phishing includes revoking active sessions, not just rotating the password.

What actually stops phishing

Hardware security keys (FIDO2 / WebAuthn)

This is the one class of defense that is phishing-resistant by design. When you log in with a FIDO2 key, the key cryptographically verifies the exact domain of the site requesting authentication. A fake site, however perfect it looks, has a different domain, so the key refuses to respond. The cryptographic binding cannot be spoofed.

Google mandated YubiKeys for all of its 85,000+ employees in 2017 and reported zero successful phishing attacks on corporate accounts in the years since.

Passkeys

Passkeys are the consumer-friendly evolution of FIDO2. They use the same cryptographic binding and are built into iOS, Android, macOS and Windows. If a site you use supports passkeys, enabling one makes that account phishing-resistant.
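The domain binding that makes hardware keys and passkeys phishing-resistant can be shown on the relying-party side. The following added example is not code from the original article or from any FIDO2 library; it models the two checks a server performs on a WebAuthn assertion (the origin recorded by the browser in clientDataJSON and the rpIdHash at the start of authenticatorData) and the authenticator's refusal to answer for an rpId it never registered with. The private key and signature are stood in for by a random secret and an HMAC, an assumption made so the block runs offline; the argument does not depend on the signature scheme.

```python
import hashlib
import hmac
import json
import secrets

# Constructed authenticator state. A real FIDO2 authenticator holds one key
# pair per relying-party ID (rpId) it registered with. Here the private key is
# a random secret and the "signature" an HMAC over the same bytes (assumption
# of this example; the domain binding is identical with ECDSA).
AUTHENTICATOR_CREDENTIALS = {
    "paypal.com": secrets.token_bytes(32),
}

# The relying party stores the matching public key at registration. With the
# HMAC stand-in it holds the same secret (hypothetical mirror of the store above).
RP_REGISTERED_KEYS = dict(AUTHENTICATOR_CREDENTIALS)

RP_ID = "paypal.com"
RP_ORIGIN = "https://www.paypal.com"


def authenticator_get_assertion(rp_id, origin, challenge):
    """Model of navigator.credentials.get() plus the authenticator.

    The browser writes the page's true origin into clientDataJSON and only
    lets a page request an rpId that its own host belongs to. The
    authenticator answers only if it holds a credential for that rpId, and
    signs authenticatorData (which starts with sha256(rpId)) followed by
    sha256(clientDataJSON). Returns None when no credential exists.
    """
    key = AUTHENTICATOR_CREDENTIALS.get(rp_id)
    if key is None:
        return None
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge.hex(), "origin": origin},
        sort_keys=True,
    ).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01"  # rpIdHash + UP flag
    to_sign = auth_data + hashlib.sha256(client_data).digest()
    signature = hmac.new(key, to_sign, hashlib.sha256).digest()
    return client_data, auth_data, signature


def rp_verify_assertion(expected_origin, expected_rp_id, challenge, assertion):
    """Relying-party checks in the order the WebAuthn spec lists them."""
    if assertion is None:
        return False, "authenticator holds no credential for this rpId"
    client_data, auth_data, signature = assertion
    parsed = json.loads(client_data)
    if parsed.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if parsed.get("challenge") != challenge.hex():
        return False, "challenge mismatch"
    if parsed.get("origin") != expected_origin:
        return False, f"origin {parsed.get('origin')!r} is not {expected_origin!r}"
    if auth_data[:32] != hashlib.sha256(expected_rp_id.encode()).digest():
        return False, "rpIdHash does not match this relying party"
    key = RP_REGISTERED_KEYS[expected_rp_id]
    expected = hmac.new(key, auth_data + hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "signature invalid"
    return True, "ok"


def login_attempt(page_origin, page_rp_id):
    """One login ceremony. The challenge always comes from the real RP; an
    AiTM proxy can relay it unchanged, but it cannot change the origin the
    browser records or the rpId the browser allows the page to use."""
    challenge = secrets.token_bytes(32)
    assertion = authenticator_get_assertion(page_rp_id, page_origin, challenge)
    return rp_verify_assertion(RP_ORIGIN, RP_ID, challenge, assertion)


if __name__ == "__main__":
    print("real site:      ", login_attempt("https://www.paypal.com", "paypal.com"))
    print("look-alike site:", login_attempt("https://www.paypaI.com", "paypaI.com"))
```

The look-alike site fails twice over: the browser can only ask for an rpId under its own host, for which the authenticator has no credential, and even an assertion somehow produced for the real rpId carries the wrong origin and is rejected before the signature is checked.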

Password managers

A password manager is your second line of defense because it fills credentials only on the exact domain where they were saved. If you land on paypaI.com (capital I) instead of paypal.com, your manager silently refuses to fill the form. That refusal is a strong warning that something is wrong.
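The refusal described above comes down to a domain comparison. The following added example is not code from the original article or from any password manager; it shows the decision a manager makes before autofilling, using constructed URLs for the saved entry and the pages a user might land on. The registrable-domain rule (last two labels) is a simplification assumed here; real managers consult the Public Suffix List.

```python
from urllib.parse import urlsplit


def normalize_host(url):
    """Host of a URL in lower-case IDNA (punycode) form, so that a homoglyph
    host such as 'www.p\u0430ypal.com' (Cyrillic a) becomes an xn-- label and
    can never compare equal to the ASCII 'www.paypal.com'."""
    host = urlsplit(url).hostname or ""
    return host.encode("idna").decode("ascii").lower()


def registrable_domain(host):
    """Assumed simplification: the last two labels. Real managers use the
    Public Suffix List so that e.g. 'bank.co.uk' is handled correctly."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def should_autofill(saved_url, current_url):
    """Decide whether a saved credential may be filled on the current page.
    Returns (decision, reason)."""
    if urlsplit(current_url).scheme != "https":
        return False, "refuse: page is not served over https"
    saved_host = normalize_host(saved_url)
    current_host = normalize_host(current_url)
    if current_host == saved_host:
        return True, "exact host match"
    saved_site = registrable_domain(saved_host)
    if registrable_domain(current_host) == saved_site:
        # Sibling subdomains (www. vs accounts.) share a registrable domain;
        # many managers allow this, so it is an explicit, logged decision here.
        return True, f"same registrable domain {saved_site}"
    if (saved_site + ".") in current_host:
        return False, f"refuse: {saved_site!r} is only a subdomain of {current_host!r}"
    return False, f"refuse: {current_host!r} is not {saved_host!r}"


# Constructed sample pages a user might land on with a PayPal entry saved.
SAVED = "https://www.paypal.com/signin"
CONSTRUCTED_PAGES = [
    "https://www.paypal.com/signin?returnUrl=/activity",
    "https://accounts.paypal.com/login",
    "https://www.paypaI.com/signin",               # capital I in place of l
    "https://paypal.com.secure-login.net/signin",  # real name used as a subdomain
    "http://www.paypal.com/signin",                # plain http
    "https://www.p\u0430ypal.com/signin",           # Cyrillic a homoglyph
]

if __name__ == "__main__":
    for page in CONSTRUCTED_PAGES:
        fill, reason = should_autofill(SAVED, page)
        print(f"{'FILL  ' if fill else 'REFUSE'} {page:<48} {reason}")
```

Only the first two pages are filled. The capital-I and Cyrillic variants fail the host comparison, the subdomain trick is caught because the real name appears with a dot after it inside a foreign host, and plain http is refused outright.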

Email and DNS filtering

Email providers use DMARC, SPF and DKIM to detect spoofed sender addresses. Most modern providers catch the obvious attempts, but targeted attacks still get through. Use the "report phishing" button in your mail client to help the filters improve.
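What DMARC adds to SPF and DKIM is alignment: the authenticated domain must match the domain in the visible From: header. The following added example is not code from the original article or from any mail provider; it re-derives that alignment verdict from the receiver's Authentication-Results header (RFC 8601) on two constructed messages, the way a triage script would double-check a suspicious mail. It evaluates alignment only; the domain owner's policy (p=none, quarantine or reject) lives in DNS and is not looked up here.

```python
import re
from email import message_from_string
from email.utils import parseaddr


def org_domain(domain):
    """Organizational domain for relaxed alignment. Assumed simplification:
    the last two labels; real receivers use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def parse_authentication_results(header):
    """Parse an RFC 8601 Authentication-Results header into
    {method: {'result': ..., property: value, ...}}."""
    header = re.sub(r"\([^)]*\)", "", header)          # drop CFWS comments
    clauses = [c.strip() for c in header.split(";") if c.strip()]
    results = {}
    for clause in clauses[1:]:                          # clauses[0] is the authserv-id
        tokens = clause.split()
        method, _, result = tokens[0].partition("=")
        props = dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok)
        results[method.lower()] = {"result": result.lower(), **props}
    return results


def evaluate_alignment(raw_message):
    """Re-derive the DMARC alignment verdict from the receiver's SPF and DKIM
    results: either must pass AND belong to the From: organizational domain."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ar = parse_authentication_results(msg.get("Authentication-Results", ""))
    spf, dkim = ar.get("spf", {}), ar.get("dkim", {})
    spf_domain = spf.get("smtp.mailfrom", "").rpartition("@")[2]
    spf_aligned = spf.get("result") == "pass" and org_domain(spf_domain) == org_domain(from_domain)
    dkim_aligned = dkim.get("result") == "pass" and org_domain(dkim.get("header.d", "")) == org_domain(from_domain)
    return {
        "from_domain": from_domain,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc": "pass" if (spf_aligned or dkim_aligned) else "fail",
        "receiver_dmarc": ar.get("dmarc", {}).get("result", "none"),
    }


# Constructed sample: SPF and DKIM both pass, but for the bulk mailer's own
# domain; the visible From: claims paypal.com, so nothing aligns.
SPOOFED_MESSAGE = """\
Authentication-Results: mx.example.net;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=bounce@bulk-mailer.example;
 dkim=pass header.d=bulk-mailer.example header.s=sel1;
 dmarc=fail header.from=paypal.com
From: "PayPal Security" <security@paypal.com>
Return-Path: <bounce@bulk-mailer.example>
Subject: Your account will be suspended within 24 hours

Log in now to avoid suspension.
"""

# Constructed sample: DKIM is signed by the From: domain itself, so it aligns.
LEGIT_MESSAGE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce.paypal.com;
 dkim=pass header.d=paypal.com header.s=pp-dkim1;
 dmarc=pass header.from=paypal.com
From: "PayPal" <service@paypal.com>
Return-Path: <x@bounce.paypal.com>
Subject: Your monthly statement is ready

Your statement is available in your account.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(label, evaluate_alignment(raw))
```

The spoofed message is the case filters are built for: every individual check says "pass", yet the mail fails DMARC because the passing domains are the mailer's, not the one shown to the user.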

Red flags to watch for

When you receive a message asking you to log in, verify something or act urgently:

  • Urgency and threats: "Your account will be closed in 24 hours"
  • Generic greetings: "Dear Customer" instead of your name
  • Look-alike domains: paypaI.com, app1e.com, secure-microsoft-login.net
  • Unexpected attachments: especially .zip, .html or .pdf files that ask you to log in to view them
  • Language or formatting errors: large companies proofread their emails
  • Link mismatch: hover over the link and check that the destination matches the text
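The red flags in this list are mechanical enough to check automatically. The following added example is not code from the original article or from any mail filter; it runs those heuristics over a constructed phishing message and a constructed benign one, and in particular implements the link-mismatch check by parsing the HTML body and comparing the host shown in the anchor text with the host in its href. The phrase lists are an assumption of this example, not a published rule set.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Heuristics following the article's red flags; the word lists are an
# assumption of this example.
URGENCY = re.compile(r"\b(within 24 hours|immediately|suspended|locked|verify now|final notice)\b", re.I)
GENERIC_GREETING = re.compile(r"\bdear (customer|user|client|valued member)\b", re.I)
RISKY_SUFFIXES = (".zip", ".html", ".htm", ".iso", ".js")
LOOKS_LIKE_URL = re.compile(r"^(https?://|www\.)", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Hostname of a URL or bare 'www.' string, minus a leading 'www.'."""
    text = text.strip()
    if "://" not in text:
        text = "https://" + text
    host = (urlsplit(text).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def scan_email(subject, html_body, attachment_names):
    """Return a list of (kind, detail) red flags for one message."""
    flags = []
    plain = re.sub(r"<[^>]+>", " ", html_body)
    m = URGENCY.search(subject + " " + plain)
    if m:
        flags.append(("urgency", m.group(0)))
    m = GENERIC_GREETING.search(plain)
    if m:
        flags.append(("generic-greeting", m.group(0)))
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        # Only anchors whose visible text itself looks like a URL can "lie".
        if LOOKS_LIKE_URL.match(text) and host_of(text) != host_of(href):
            flags.append(("link-mismatch", f"text shows {host_of(text)} but href goes to {host_of(href)}"))
    for name in attachment_names:
        if name.lower().endswith(RISKY_SUFFIXES):
            flags.append(("risky-attachment", name))
    return flags


# Constructed phishing sample: (subject, html body, attachment names).
PHISH_SAMPLE = (
    "Your account will be suspended within 24 hours",
    "<p>Dear Customer,</p>"
    "<p>We detected unusual activity. Verify your identity here: "
    '<a href="https://paypal.com.secure-login.net/signin">https://www.paypal.com/signin</a></p>',
    ["Account_Statement.pdf.html"],
)

# Constructed benign sample.
BENIGN_SAMPLE = (
    "Your March statement is ready",
    "<p>Hi Alice,</p><p>Your statement is available under "
    '<a href="https://www.example-bank.com/statements">your statements</a>.</p>',
    ["statement-2026-03.pdf"],
)

if __name__ == "__main__":
    for label, sample in (("phish", PHISH_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, scan_email(*sample))
```

The phishing sample trips all four checks it can (urgency, generic greeting, link mismatch, risky attachment); the benign one trips none, because its link text is a description rather than a URL and its attachment is a plain PDF.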

If anything feels wrong, close the email. Navigate to the site yourself. If there is a real problem, you will see it when you log in through your usual route.

What to do if you fall for one

Act fast: speed matters because attackers start using the credentials within minutes.

  1. Change the password immediately from a different device (your phone, for example, if you fell for it on your laptop)
  2. Revoke all active sessions in the account settings; this kicks out anyone using stolen session tokens
  3. Enable 2FA if it was not on, and use a hardware key or passkey if possible
  4. Check for unauthorized activity: sent emails, recent logins, billing changes, new forwarding rules
  5. Notify the affected institution if it is a financial or work account
  6. Check other accounts that used the same password; even if you are sure you do not reuse passwords, check

Wrapping up

Phishing thrives because it bypasses technology and targets people. A good defense combines three layers: password managers (which refuse to fill on the wrong domain), phishing-resistant 2FA (hardware keys or passkeys bound to the real domain), and healthy skepticism (never log in from an email link).

Enable all three on your most important account first: your email. From there, your digital life becomes meaningfully safer.

How to Protect Yourself from Phishing

A practical checklist, ordered to harden your accounts against phishing attacks.

  1. Use a password manager: Install a reputable password manager (1Password, Bitwarden, Proton Pass) and let it fill your credentials. It will refuse to fill on look-alike domains, giving you a built-in phishing detector.
  2. Enable phishing-resistant 2FA: Add a FIDO2 hardware key (YubiKey, Google Titan) or a passkey to your most important accounts: email first, then banking, cloud storage and your password manager. These are the only 2FA methods that actually stop modern phishing.
  3. Never log in via email links: If you receive an email asking you to log in, close the email and navigate to the site yourself via a bookmark or by typing the URL. A link in an email can be a perfect copy; a bookmark in your browser cannot.
  4. Check the exact domain before typing: Before entering any password, look at the full URL in the address bar. Look for https, correct spelling, and no extra subdomains such as paypal.com.secure-login.net.
  5. Report and move on: Report the phishing attempt to your email provider (most have a "Report phishing" button). Then get on with your day; phishing is only dangerous if you fall for it, and awareness is half the battle.

Frequently Asked Questions