So cyber criminals have you in their sights, a new scam is catching Aussies off guard with hackers sending fishing emails and then using a tool that can steal your web security in real time.

黑客發送釣魚郵件，然後使用一種工具實時竊取您的網絡安全，這種新騙局讓澳大利亞人猝不及防。

So what do you need to know and how can you avoid becoming a victim?

那麼，您需要了解什麼，如何避免成為受害者？

For more, we're joined by Jordan Newham from CyberCX live in Canberra.

更多精彩內容，我們將連線來自堪培拉 CyberCX 現場的 Jordan Newham。

Thanks for joining us.

感謝您的參與。

So Jordan, this scam sounds very widespread.

所以喬丹，這個騙局聽起來非常普遍。

What is it?

是什麼？

Yeah.

是啊

Well, you're absolutely right, Jervo, this is just a fact of life in the digital age, scams are getting increasingly and incredibly sophisticated in the ways they're trying to make us part with our hard earned cash.

你說得太對了，傑沃，這只是數字時代生活中的一個事實，詐騙手段越來越高明，讓人難以置信。

So even if you're a very consider yourself a technologically savvy internet user, this is a scam that could easily trip you up.

是以，即使你認為自己是一個精通技術的互聯網用戶，這也是一個很容易絆倒你的騙局。

And we know that there's around 7 and a half million Australians who use Gmail.

我們知道，大約有 750 萬澳大利亞人使用 Gmail。

This is a scam that's actively being exploited on Gmail, the hackers will be downloading a set of tools and software from the dark web at a very low cost.

這是一個在 Gmail 上被積極利用的騙局，黑客將以極低的成本從暗網下載一套工具和軟件。

And then using that software to send an email to you that looks quite legitimate, like it is from Gmail or Google, and asking you to click on a link and sign back into Gmail because of some security reason or other.

然後利用該軟件向你發送一封電子郵件，這封電子郵件看起來非常合法，像是來自 Gmail 或 Google，並要求你點擊一個鏈接，以某種安全為由重新登錄 Gmail。

Now, the clever part about this scam that's quite devastating is that's a legitimate Gmail sign in page.

現在，這個騙局頗具破壞性的巧妙之處在於，這是一個合法的 Gmail 登錄頁面。

Unfortunately, once you've clicked the link, you're not on your computer anymore, you're on the scammer's computer.

不幸的是，一旦你點擊了鏈接，你就不再是在自己的電腦上了，而是在金光黨的電腦上。

And they're harvesting your information and getting full access to your account.

他們會收集你的資訊，並完全訪問你的賬戶。

Okay, what are the red flags?

好吧，有哪些紅旗？

How can we look out for this one?

我們怎樣才能注意到這一點？

Yeah, as I said, scammers are getting increasingly sophisticated, they're using AI and other tools to make it harder for us to spot the red flags, but they are there.

是的，正如我所說的，金光黨們越來越狡猾，他們利用人工智能和其他工具讓我們更難發現紅旗，但它們確實存在。

So the first red flag to look out for is, have you ever received an email from this person before, even if they're claiming to be from Gmail or Google, from their security team.

是以，要注意的第一個紅旗就是，你以前是否收到過這個人的電子郵件，即使他們聲稱自己來自 Gmail 或 Google，來自他們的安全團隊。

Um, if you've never received an email from them before, that's a red flag, uh, the terms of phrase and the grammar they use might feel a bit off.

嗯，如果你以前從未收到過他們的郵件，那就說明他們的用語和文法可能有點問題。

So again, they're probably using AI to craft even better and cleverer messages which are harder to detect, they don't have typos and really obvious mistakes.

是以，他們很可能又在利用人工智能製作更好、更巧妙的資訊，這些資訊更難被發現，沒有錯別字和非常明顯的錯誤。

But they might say something like this email hopes to find you well, rather than I hope this email finds you well.

但他們可能會說 "這封郵件希望你一切順利"，而不是 "我希望這封郵件能讓你一切順利"。

Right.

對

Geez, you've got to be really vigilant, don't you?

天哪，你真的得提高警惕，不是嗎？

Um, so many people have already fallen victim to this.

嗯，已經有很多人成了受害者。

What happens if you do log in and click on that link?

如果您登錄並點擊該鏈接，會發生什麼情況？

Well, help is always at hand.

好吧，幫助總是唾手可得。

Uh, unfortunately, if you have clicked on it, your credentials might now be in the the pocket of a scammer.

不幸的是，如果您點擊了它，您的證書就可能落入金光黨的口袋。

But the really important thing would be to stay vigilant for this sort of scam in the first place, so prevention is better than cure.

但真正重要的是，首先要對這類騙局保持警惕，防患於未然。

Um, make sure you're using unique and complex passwords.

請確保您使用的密碼是唯一且複雜的。

So if you think you have seen this email in your Gmail and you've clicked on it and you've fallen victim to this, make sure you go and change that that password and your login credentials for Gmail immediately.

是以，如果你認為自己在 Gmail 中看到了這封郵件，並點擊了它，從而成為受害者，請確保立即更改密碼和 Gmail 登錄憑證。

Um, if you are visiting websites and you see a URL, it might look like a Gmail sign in page, but the URL has some strange characters or extra numbers in there, that's a red flag.

嗯，如果你在訪問網站時看到一個網址，它可能看起來像一個 Gmail 登錄頁面，但網址中有一些奇怪的字元或額外的數字，這就是一個危險信號。

Um, and make sure that if you are victim to this, you are reporting it to Google and also to ACCC Scamwatch, which has lots of resources for victims of scams.

嗯，如果你是受害者，請確保向谷歌和澳洲商會詐騙觀察報告，該網站為詐騙受害者提供了大量資源。

Jordan, just really quickly too, how often should we change our passwords?

喬丹，請問我們應該多久更換一次密碼？

Well, the general advice is you should change your passwords as often as you change your toothbrush.

一般的建議是，你應該像換牙刷一樣頻繁地更換密碼。

So if you're going by a new toothbrush because the old one's worn out, that's a sort of indication that it's time to change your passwords as well.

是以，如果你因為舊牙刷用壞了而去買新牙刷，這也表明你也該換密碼了。

But the best thing you can do these days is actually get a password manager and just outsource all of that so that you know all you won't know any of your passwords off by heart anymore, but your password manager will be using really complex, you know, 15, 16 character long passwords for all your accounts.

但現在你能做的最好的事情其實是找一個密碼管理器，把所有的事情都外包出去，這樣你就不會再對任何密碼爛熟於心了，但你的密碼管理器會為你的所有賬戶使用非常複雜的 15、16 個字符的長密碼。

You don't have to worry about it.

你不必擔心。

Great advice.

好建議

I feel like I need to change some of my passwords right now.

我覺得我現在需要更改一些密碼。

What about you, Nat?

你呢，納特？

Yeah, and my toothbrush.

是啊，還有我的牙刷。