{"id":4079,"date":"2021-10-06T11:11:23","date_gmt":"2021-10-06T09:11:23","guid":{"rendered":"https:\/\/www.websupport.cz\/blog\/?p=4079"},"modified":"2025-03-11T21:18:26","modified_gmt":"2025-03-11T20:18:26","slug":"jak-se-branit-proti-phishingu","status":"publish","type":"post","link":"https:\/\/www.websupport.cz\/blog\/2021\/10\/jak-se-branit-proti-phishingu\/","title":{"rendered":"4 u\u017eite\u010dn\u00e9 rady, jak se br\u00e1nit proti phishingu"},"content":{"rendered":"\n

Bezpochyby si tak\u00e9 v\u0161\u00edm\u00e1te p\u0159ib\u00fdvaj\u00edc\u00edch \u00fanik\u016f osobn\u00edch \u00fadaj\u016f, nej\u010dast\u011bji pak ze soci\u00e1ln\u00edch s\u00edt\u00ed. Experti varuj\u00ed p\u0159ed n\u00e1r\u016fstem hackersk\u00fdch \u00fatok\u016f s vyu\u017eit\u00edm pr\u00e1v\u011b podobn\u011b unikl\u00fdch \u00fadaj\u016f. P\u0159i\u010dem\u017e \u010d\u00edm v\u00edc dat je pro hackery dostupn\u00fdch, t\u00edm v\u011bt\u0161\u00ed je ohro\u017een\u00ed potenci\u00e1ln\u00ed ob\u011bti. A proto je nejvy\u0161\u0161\u00ed \u010das nau\u010dit se proti takov\u00fdm hrozb\u00e1m efektivn\u011b chr\u00e1nit.<\/em><\/p>\n\n\n\n

Manipulace a zneu\u017eit\u00ed lidsk\u00fdch slabost\u00ed<\/h4>\n\n\n\n

Ofici\u00e1ln\u00ed n\u00e1zev zn\u00ed \u201esoci\u00e1ln\u00ed in\u017een\u00fdrstv\u00ed\u201c. Jde o manipulaci prost\u0159ednictv\u00edm zneu\u017eit\u00ed lidsk\u00fdch slabost\u00ed, jak\u00fdmi jsou t\u0159eba sklony ke zv\u011bdavosti, l\u00edtosti, un\u00e1hlen\u00fdm reakc\u00edm pod tlakem atp. \u010cili mluv\u00edme o jedn\u00e9 z nejjednodu\u0161\u0161\u00edch<\/strong> a z\u00e1rove\u0148 nej\u00fasp\u011b\u0161n\u011bj\u0161\u00edch technik vyu\u017e\u00edvan\u00fdch p\u0159i po\u010d\u00edta\u010dov\u00fdch \u00fatoc\u00edch<\/strong>, kdy se v\u00e1s \u00fato\u010dn\u00edci sna\u017e\u00ed oklamat a doc\u00edlit toho, \u017ee jim necht\u011bn\u011b po\u017eadovan\u00e9 \u00fadaje osobn\u011b vyd\u00e1te.<\/p>\n\n\n\n

Mo\u017en\u00e1 si \u0159\u00edk\u00e1te, \u017ee zrovna o va\u0161e \u00fadaje nikdo nestoj\u00ed a \u017ee pro hackery nejste nijak zaj\u00edmav\u00ed. Opak je ale pravdou. M\u00e1te p\u0159ece identitu, kter\u00e1 se d\u00e1 zneu\u017e\u00edt k trestn\u00e9 \u010dinnosti. Jste uzlem v s\u00edti, p\u0159es n\u011bj\u017e se \u00fato\u010dn\u00edci mohou dostat k va\u0161im p\u0159\u00e1tel\u016fm a zn\u00e1m\u00fdm. Na soci\u00e1ln\u00edch s\u00edt\u00edch m\u016f\u017eete sd\u00edlet r\u016fzn\u00e9 informace, pravdiv\u00e9 i nepravdiv\u00e9. M\u00e1te po\u010d\u00edta\u010d, kter\u00fd se d\u00e1 ovl\u00e1dnout a zneu\u017e\u00edt na \u0159\u00edzen\u00e9 \u00fatoky. M\u00e1te tak\u00e9 hlas ve volb\u00e1ch, kter\u00fd kandid\u00e1ti tou\u017e\u00ed z\u00edskat a koneckonc\u016f m\u00e1te (alespo\u0148 n\u011bjak\u00e9) pen\u00edze \u2013 a ty jsou zaj\u00edmav\u00e9 v\u017edycky. <\/p>\n\n\n\n

Takto bychom mohli pokra\u010dovat je\u0161t\u011b hodn\u011b dlouho. Ano, pr\u00e1v\u011b vy jste velmi d\u016fle\u017eit\u00fd \u010dl\u00e1nek. A proto se mus\u00edte um\u011bt chr\u00e1nit, pokud se nechcete st\u00e1t loutkou v ruk\u00e1ch tzv. soci\u00e1ln\u00edch in\u017een\u00fdr\u016f. Mezi nej\u010dast\u011bj\u0161\u00ed formy \u00fatok\u016f pat\u0159\u00ed jednozna\u010dn\u011b phishing<\/strong>, o n\u011bm\u017e se pobav\u00edme n\u00ed\u017ee.<\/p>\n\n\n\n

Chra\u0148te svou identitu a pen\u00edze<\/h4>\n\n\n\n

Dost mo\u017en\u00e1 jste se s phishingem u\u017e n\u011bkdy setkali. P\u0159ijde v\u00e1m e-mail ze zn\u00e1m\u00e9 instituce \u010di velk\u00e9 spole\u010dnosti, v n\u011bm\u017e jste \u017e\u00e1d\u00e1ni o \u00fahradu slu\u017eby, kterou jste si v\u016fbec neobjednali, nebo o vypln\u011bn\u00ed va\u0161ich \u00fadaj\u016f pod r\u016fzn\u00fdmi z\u00e1minkami. <\/p>\n\n\n\n

V phishingov\u00e9m e-mailu se obvykle nach\u00e1z\u00ed odkaz (link nebo tla\u010d\u00edtko), kter\u00fd v\u00e1s p\u0159esm\u011bruje na fale\u0161nou webovou str\u00e1nku, leckdy jen t\u011b\u017eko rozpoznatelnou od t\u00e9 skute\u010dn\u00e9. A pokud takovou nepravost v\u010das neodhal\u00edte, zad\u00e1te sv\u00e9 p\u0159ihla\u0161ovac\u00ed \u00fadaje p\u0159\u00edmo \u00fato\u010dn\u00edkovi, p\u0159\u00edpadn\u011b mu rovnou po\u0161lete pen\u00edze. <\/p>\n\n\n\n

Bohu\u017eel to nen\u00ed tak dlouho, kdy byly podvodn\u00e9 e-maily odes\u00edlan\u00e9 i pod na\u0161\u00edm jm\u00e9nem. Vyz\u00fdvaly k \u00fahrad\u011b platby za \u00fadajn\u00e9 prodlou\u017een\u00ed platnosti dom\u00e9ny a nap\u0159\u00edklad na Slovensku se p\u00e1r na\u0161ich z\u00e1kazn\u00edk\u016f opravdu stalo ob\u011btmi t\u011bchto \u00fatok\u016f<\/a>. <\/p>\n\n\n\n

Jak jste u\u017e asi pochopili, phishing je podvodn\u00e1 technika, pomoc\u00ed kter\u00e9 se od v\u00e1s \u00fato\u010dn\u00edci sna\u017e\u00ed vyl\u00e1kat osobn\u00ed \u00fadaje a \u010dasto tak\u00e9 pen\u00edze. Jde o typ scamu (anglicky podvod \u010di \u0161vindl) s vyu\u017eit\u00edm technik onoho soci\u00e1ln\u00edho in\u017een\u00fdrstv\u00ed, tedy manipulace.<\/p>\n\n\n\n

Oby\u010dejn\u011b \u00fato\u010dn\u00edk nejprve sb\u00edr\u00e1 \u00fadaje o sv\u00fdch ob\u011btech. P\u0159i sou\u010dasn\u00e9m trendu masivn\u00edch \u00fanik\u016f dat ze soci\u00e1ln\u00edch s\u00edt\u00ed nen\u00ed \u017e\u00e1dn\u00fd probl\u00e9m si pot\u0159ebn\u00e9 \u00fadaje na spr\u00e1vn\u00fdch m\u00edstech jednodu\u0161e dohledat \u010di koupit. Jakmile m\u00e1 \u00fato\u010dn\u00edk dostate\u010dn\u00e9 mno\u017estv\u00ed dat, pokra\u010duje d\u00e1l a za\u010d\u00edn\u00e1 samotn\u00fd phishing \u010dili tzv. loven\u00ed citliv\u00fdch \u00fadaj\u016f od ob\u011bt\u00ed. Nakonec \u00fato\u010dn\u00edk vyu\u017eije z\u00edskan\u00e1 data a vy tak m\u016f\u017eete p\u0159ij\u00edt (nejen) o pen\u00edze. <\/p>\n\n\n\n

4 rady, jak se br\u00e1nit proti phishingu<\/h4>\n\n\n\n

P\u0159edstavte si, \u017ee jste dostali e-mail, jeho\u017e odes\u00edlatelem m\u00e1 b\u00fdt t\u0159eba \u010cesk\u00e1 po\u0161ta (d\u00e1le \u010cP), kter\u00e1 od v\u00e1s \u017e\u00e1d\u00e1 zaplacen\u00ed za p\u0159epravu \u00fadajn\u00e9ho bal\u00edku. Podobn\u00e9 e-maily toti\u017e na\u0161im z\u00e1kazn\u00edk\u016fm chod\u00ed neust\u00e1le. Jak tedy postupovat p\u0159i prvn\u00edm podez\u0159en\u00ed?<\/p>\n\n\n\n

1. Zamyslete se nad re\u00e1ln\u00fdm d\u016fvodem, pro\u010d jste takov\u00fd e-mail dostali<\/strong><\/p>\n\n\n\n

Objednali jste si v posledn\u00ed dob\u011b n\u011bjak\u00fd bal\u00edk? Pokud ano, odkud? Zaplatili jste p\u0159edem, nebo jste zvolili platbu a\u017e p\u0159i p\u0159evzet\u00ed? Potom by p\u0159ece \u010cP nic nem\u011blo v\u00e9st k tomu, aby v\u00e1m pos\u00edlala v\u00fdzvy k platb\u011b p\u0159es e-mail. Nav\u00edc, samotn\u00e1 \u010cP takto nikdy nepostupuje.<\/p>\n\n\n\n

2. Zkontrolujte skute\u010dn\u00e9ho odes\u00edlatele e-mailu<\/strong>V e-mailu se v\u00e1m v\u017edy zobrazuje jm\u00e9no odes\u00edlatele. \u00dato\u010dn\u00edk si v\u011bt\u0161inou d\u00e1 pr\u00e1ci s t\u00edm, aby cel\u00e1 akce p\u016fsobila d\u016fv\u011bryhodn\u011b, tud\u00ed\u017e to pro v\u00e1s nen\u00ed sm\u011broplatn\u00e9. D\u016fle\u017eit\u00e9 ale je zkontrolovat e-mailovou adresu odes\u00edlatele<\/strong>. Uk\u00e1\u017eeme si to na autentick\u00fdch p\u0159\u00edkladech podvodn\u00fdch e-mail\u016f, kter\u00e9 byly p\u0159ed ned\u00e1vnem rozes\u00edl\u00e1ny na Slovensku a vyd\u00e1v\u00e1ny za e-maily od Slovensk\u00e9 po\u0161ty (d\u00e1le SP).<\/p>\n\n\n\n

\"\"<\/a>
Posledn\u00ed p\u0159ipomenut\u00ed k odesl\u00e1n\u00ed bal\u00edku<\/figcaption><\/figure><\/div>\n\n\n\n

Je na prvn\u00ed pohled z\u0159ejm\u00e9, \u017ee e-mail nep\u0159i\u0161el z ofici\u00e1ln\u00ed adresy SP. Dom\u00e9na ds-up.com je v\u0161ak skute\u010dn\u00e1 a zobrazuje se na n\u00ed webov\u00e1 str\u00e1nka jak\u00e9si madridsk\u00e9 spole\u010dnosti ve \u0161pan\u011bl\u0161tin\u011b. Jej\u00ed e-mailov\u00fd \u00fa\u010det tak m\u016f\u017ee b\u00fdt hacknut\u00fd. <\/p>\n\n\n\n

O tom sv\u011bd\u010d\u00ed i dal\u0161\u00ed e-mail, kter\u00fd p\u0159i\u0161el na\u0161emu slovensk\u00e9mu z\u00e1kazn\u00edkovi z toto\u017en\u00e9 e-mailov\u00e9 adresy, dokonce ve stejn\u00fd den. Tentokr\u00e1t m\u011bla b\u00fdt odes\u00edlatelem Tatra banka.<\/p>\n\n\n\n

\"\"<\/a>
Nov\u00e9 bezpe\u010dnostn\u00ed pokyny<\/figcaption><\/figure><\/div>\n\n\n\n

3. Zkontrolujte p\u0159edm\u011bt zpr\u00e1vy<\/strong><\/p>\n\n\n\n

Je text p\u0159edm\u011btu napsan\u00fd spr\u00e1vn\u011b? \u00dato\u010dn\u00edci k upout\u00e1n\u00ed pozornosti adres\u00e1ta \u010dasto pou\u017e\u00edvaj\u00ed v p\u0159edm\u011btu e-mailu zn\u00e1m\u00e9 zkratky jako \u201eRE:\u201c nebo \u201eFWD:\u201c. Tak\u017ee p\u0159edm\u011bt m\u016f\u017ee zn\u00edt nap\u0159\u00edklad \u201eRE: VR\u00c1CEN\u00cd PLATBY\u201c. Ruku na srdce, \u010dlov\u011bk pak skute\u010dn\u011b m\u00e1 siln\u00e9 nutk\u00e1n\u00ed takov\u00fd e-mail otev\u0159\u00edt. C\u00edlem je toti\u017e vyvolat u adres\u00e1ta dojem, \u017ee jde o sou\u010d\u00e1st ji\u017e existuj\u00edc\u00ed konverzace, p\u0159\u00edpadn\u011b dokonce o odpov\u011b\u010f na jeho vlastn\u00ed e-mail. T\u00edm se tud\u00ed\u017e \u0161ance na bezmy\u0161lenkovit\u00e9 otev\u0159en\u00ed e-mailu zvy\u0161uje. V p\u0159\u00edpad\u011b podvodn\u00fdch e-mail\u016f od SP a Tatra banky ale takov\u00e1 technika pou\u017eita nebyla. <\/p>\n\n\n\n

4. E-mail \u010dt\u011bte pe\u010dliv\u011b (klidn\u011b dvakr\u00e1t) a v\u0161\u00edmejte si jazykov\u00e9ho stylu i chyb<\/strong><\/p>\n\n\n\n

V\u011bt\u0161inou jde o automatick\u00e9 p\u0159eklady text\u016f z ciz\u00edho jazyka. Upozornit v\u00e1s m\u016f\u017ee minim\u00e1ln\u011b to, \u017ee sd\u011blen\u00ed zn\u00ed nep\u0159irozen\u011b a obsahuje chyby. Vra\u0165me se tedy k na\u0161emu slovensk\u00e9mu p\u0159\u00edpadu e-mailu s bal\u00edkem.<\/p>\n\n\n\n

\"\"<\/a><\/figure>\n\n\n\n

Chyby viditeln\u00e9 na prvn\u00ed pohled<\/h4>\n\n\n\n

Projd\u011bme si na z\u00e1klad\u011b uk\u00e1zky v\u00fd\u0161e jasn\u00e9 chyby, kter\u00e9 lze snadno odhalit: <\/p>\n\n\n\n