Security & Fraud Awareness

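As our reliance on the internet and digital devices for business and personal use increases, so do the opportunities for criminals to steal information for financial gain. Cyber criminals and fraudsters are also becoming more savvy in their attempts to lure people into clicking suspicious links, downloading email attachments, or “connecting” on social media, which are often gateways to stealing sensitive information. Fraudsters may pose as legitimate organizations, such as Goldman Sachs, creating fraudulent websites, sending emails, or making phone calls asking for money. These scams are complex as the perpetrators often use genuine employee names and replicate proprietary documentation.

竞博电竞官方网址 places great importance on cybersecurity and fraud prevention and has programs and technical controls in place to protect client accounts and information. To help improve your personal cybersecurity posture, 竞博电竞官方网站 provides the following information and guidance on cyber threats to help keep you, your family, and your employer from falling victim to a cyber attack or fraud scam.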

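Understanding Cybersecurity Threats

Any organization or individual can be a target of cybercrime. The following are some of the most common tactics and types of attack used by these actors: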

Malicious Emails and Websites
An innocent-looking e-mail from your bank or favorite retailer may secretly be an attempt to steal your identity or personal information. “Phishing” is a common tactic of cyber criminals that relies on “spoofed” e-mails or fraudulent websites (that look and feel like a well-known website) to collect personal and financial information or infect your machine with malware and viruses. Criminals use this stolen information to commit identity theft, credit card fraud and other crimes. Phishing can also occur by telephone and is becoming increasingly prevalent on social media and professional networking sites.

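When you click a malicious link, you may unknowingly install malware on your device. Malware refers to software that is intentionally designed to cause damage to a digital device. The most common form of malware is a virus, which is typically designed to give the criminals who create it some sort of access to the infected devices. Ransomware is another increasingly popular type of malware. Ransomware accesses a victim's files, locks and encrypts them, and then demands that the victim pay a ransom to get them back. Ransomware is like the “digital kidnapping” of valuable data – from personal photos and memories to client information, financial records and intellectual property. Any individual or organization could be a potential ransomware target.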

Credential-Based Attacks
If you use the same username and password combination across different websites or services, you are particularly susceptible to this cybercrime technique, in which stolen account credentials are used to gain unauthorized access to a user’s various other online accounts. Credential stuffing attacks often go unnoticed until funds have been transferred.

Social Media Impersonation
Criminals are increasingly using social media to build relationships with victims and ultimately steal data. Often, these actors create fake accounts that appear (and claim) to be official accounts for an individual or organization. Social media impersonation can also refer to the takeover of real accounts. These accounts can be used for phishing activities or to cause an individual or a company reputational damage.

How to Protect Yourself

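  • Establish secure email protocols: Email remains a common entry point for hackers to carry out online scams. Do not click links or open attachments in suspicious emails. Develop communication protocols to verify sensitive information, such as wire instructions, in person or over the phone. Goldman Sachs will generally not send wire instructions by email.
  • Use password management: Use lengthy, unique, and complex passwords — a great first step toward stopping bad actors. In fact, cybersecurity best practices recommend using passwords that are long, memorable, and hard to guess, such as favorite song lyrics. Avoid reusing passwords. Consider using a password application, such as LastPass, Password or Dashlane, to help manage multiple complex passwords.
  • Enable two-step verification: Where feasible, use two-factor authentication (2FA), a.k.a. two-step verification or multi-factor authentication, for account logins. It is commonly done via a PIN sent over text message or email and done most securely when a hardware token or phone application is used. At a minimum, enable this for your email, cell provider, financial websites, password manager, cloud file storage and social media.
  • Lock down social media: Periodically review and adjust social media account settings to better control who can view the content posted. Hackers and social engineers frequently obtain critical information about a target from social media sources. When posting information, always consider that it could be used against you.
  • Reduce your public online footprint: Periodically review all of your online accounts. Reduce and/or obfuscate personal information on the internet, delete unnecessary data, delete unused accounts, and avoid sharing or reusing passwords across multiple accounts to minimize exposure.
  • Protect critical data: Know where all of your sensitive personal information is stored. Ensure that your sensitive data is always stored encrypted, which prevents others from viewing it if your device is lost or stolen. Also consider keeping a second encrypted backup of sensitive data, whether on a flash drive stored in a safety deposit box or in the cloud using a reputable service such as Dropbox, iCloud, or Google Drive.
  • Protect your personal devices: Configure devices securely, considering what your risks would be if your device were stolen. Use a difficult-to-guess passcode as a backup to biometric security such as a thumb print or Face ID, and ensure your device is encrypted. Make sure sensitive data such as email is not displayed on the lock screen.
  • Update your software: Keep all of your software up to date. Apply software updates as soon as they become available. Consider enabling automatic updates where available.
  • Secure wireless network access: Be aware that using public Wi-Fi may expose your communications and devices to risk. If you must use public Wi-Fi, consider a virtual private network (VPN) solution to protect your communications — particularly when traveling and using public Wi-Fi at the airport or hotel. Alternatively, consider using a mobile hotspot to protect sensitive information. At home, use a guest network.
  • Freeze your credit: Thwart identity theft and minimize fraud risk with a call to major credit-reporting bureaus Experian, TransUnion and Equifax, as well as Innovis, the unofficial fourth credit bureau, to place a security freeze on your credit reports. Consider signing up for an identity theft protection service, such as LifeLock, Kroll, or Experian, which also offers credit monitoring. These recommendations apply to all family members.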

Understanding Financial Fraud

Financial fraud occurs when someone takes money or other assets from you through deception or criminal activity. The following are some common examples of financial fraud:

Investment Scams
Investment scams involve getting you or your business to agree to a financial transaction on the promise of a questionable financial opportunity. To carry out these scams, fraudsters typically make contact by email, through a website, or by phone to offer the opportunity, often going to great lengths to gain the victim's trust and even to convince them that they are in a genuine relationship. These offers are typically low-risk, high-reward investments that sound “too good to be true” — because they are! To determine whether you have been targeted by an investment scam, you should consider:

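  • How were you contacted? Any contact from Goldman Sachs will come from an @gs.com email address (not from a free email account such as Yahoo, Gmail or any domain other than “@gs.com”) and/or be found on the Goldman Sachs (goldmansachs.com) website
  • Did I find the investment opportunity through a website not associated with 竞博电竞官方网址? E.g. a comparison website
  • Did I provide my personal information on a website not associated with Goldman Sachs?
  • Have I been contacted by cold call or e-mail offering a low risk – high return investment opportunity?
  • Does the email or document contain a large number of spelling or typographical errors?
  • Did I provide photo ID or proof-of-address documents? If you have, consider notifying the organisation that issued them and contacting your regional fraud prevention service
  • Am I being pressured to transfer money to avoid missing out on an opportunity?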
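The sender-domain rule in the first question above can be checked mechanically before anyone acts on an investment offer or a change of payment instructions. The following is an added example, not code from the original page; the free-mail list, the display-name keywords and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

EXPECTED_DOMAIN = "gs.com"  # the only sender domain the page names as genuine
# Assumed sample of free webmail domains; extend for real use.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
BRAND_WORDS = ("goldman", "sachs")  # assumed display-name keywords


def classify_sender(from_header: str) -> str:
    """Classify a From header against the page's sender-domain rule.

    A forged From header can still show the expected domain, so
    "expected-domain" means "not ruled out", never "verified".
    """
    display, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return "invalid"
    domain = addr.split("@")[1].lower().rstrip(".")
    if not domain:
        return "invalid"
    if domain == EXPECTED_DOMAIN:
        return "expected-domain"
    if domain in FREE_MAIL:
        return "free-mail"
    expected = EXPECTED_DOMAIN.split(".")
    labels = domain.split(".")
    # Expected labels in a non-final position, e.g. gs.com.example.net.
    embedded = any(labels[i:i + len(expected)] == expected
                   for i in range(len(labels) - len(expected)))
    # Display name claims the brand while the address is elsewhere.
    branded = any(word in display.lower() for word in BRAND_WORDS)
    if embedded or branded or not domain.isascii():
        return "lookalike"
    return "other-domain"


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    "Goldman Sachs <advisor@gs.com>",
    '"Goldman Sachs" <gs.invest@gmail.com>',
    "support@gs.com.example.net",
    "Goldman Sachs Investments <offers@example.org>",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):16} {header}")
```

Anything other than "expected-domain" fails the page's rule outright; a header that passes still needs the verbal confirmation the page recommends, because the From line alone does not authenticate the sender.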

Identity Theft
Identity theft occurs when someone steals your personal information and uses it without your permission. Examples of how your information may be used include opening bank accounts, taking out credit cards and loans or applying for government benefits and documents in your name.

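While there are no definitive rules on how to protect yourself from identity theft, in addition to the good cybersecurity practices listed above, you can protect yourself by:

  • Not sharing your personal data with anyone or any website you are unfamiliar with
  • Securely disposing of documents you no longer need, such as utility bills or bank statements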

Business Email Compromise
Business Email Compromise (BEC) scams are carried out when a cybercriminal compromises legitimate business or personal email accounts to intercept the communication between the victim and their business partner or to conduct unauthorized transfers of funds. Fraudsters typically tend to intercept emailed wire instructions from investment firms, real estate agencies, and art dealers in order to impersonate a trusted source.

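In addition to the good cybersecurity practices listed above, you can also protect yourself by:

  • Verbally confirming payment instructions with the recipient, rather than by email
  • Watching for irregularities when receiving transfer instructions or a sudden change of payment information via email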

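If you receive an unfamiliar call or email from Goldman Sachs and you are unsure about it, or you believe it to be fraudulent, please forward it to abuse@gs.com. Goldman Sachs will investigate the email and then respond to you. If you are a client of the firm, please also notify your sales representative or investment professional.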

For further information on staying safe, the following resources provide helpful information:

United Kingdom

Hong Kong and Singapore

United States

Marcus by Goldman Sachs®