Shopify网络安全-ESG跨境

确保使用 HTTPS 与网站建立连接

如果连接到任何要求您输入用户名和密码或其他敏感数据的网站，请检查浏览器中的 URL 旁边是否显示锁定图标。

该锁定图标表示该网站的连接是使用 HTTPS 协议加密的。已加密连接的 URL 是以 https:// 开头的，而不是 http://。使用 http:// 的连接以纯文本的形式发送数据，也就是说可以在途中被截获和读取。

在点击指向您需要输入信息的任何位置的链接之前，请确保 URL 以 https:// 开头。

仅打开您预期收到的附件或链接

不要对附件、链接或表单进行任何交互，除非它们就是您期望收到的并且您知道它们所包含的内容。它们不仅可以将您重定向到旨在窃取您信息的恶意网站，还可以使用恶意软件感染您的设备。

如果链接文本是 URL，请确保它与链接本身中的 URL 匹配。例如，电子邮件正文中书写为 https://help..com 的链接可能会将您定向到位于另一个 URL 的网络钓鱼页面。

许多网络钓鱼攻击试图利用网上银行。如果您收到来自银行的可疑电子邮件，内容是向您提供信用额度特别优惠，请不要点击该链接。相反，在新窗口中手动输入您的银行的 URL，查看优惠是否显示在您的账户控制面板中。

谨慎使用公共 Wi-Fi

当您外出时，公共 Wi-Fi 很方便，但它为犯罪分子提供了许多不同的方式来获取您的信息。您可以采取措施保护自己和，从而降低风险。

验证热点名称

攻击者可以创建未加密的 Wi-Fi 热点，并将热点命名为与同一地区知名热点相似的名称，例如咖啡店的网络。如果您连接到网络钓鱼热点，攻击者可以将您定向到他们自己的页面，在那里您可能会暴露在恶意软件之下或要求您输入私人信息。

在连接前，请确保您要使用的热点是合法的。如果您无法在明显的位置看到热点名称，请询问员工。

禁用设备的访问点

即使您已连接到合法的公共 Wi-Fi 热点，您仍可能因与攻击者处于同一网络而面临风险。公共 Wi-Fi 网络远不如专用网络安全，比如家里或办公场所的网络。

在连接前关闭网络内的文件共享并启用防火墙，从而保护自己。即使采取了这些预防措施，最好也不要使用公共 Wi-Fi 网络发送或接收任何敏感内容。

通过 VPN 发送和接收敏感数据

虚拟专用网络在您的设备和 VPN 公司的服务器之间建立安全连接。VPN 服务器从这里将您的信息转发至 Internet。如果攻击者通过公共 Wi-Fi 热点访问您传输和接收的数据，则数据会被加密，他们将无法使用。

如果您想了解如何选择 VPN，建议先访问 Techradar 和 PC Mag。

不使用 VPN 时，最安全的选择是避免通过公共 wi-fi 传输敏感信息。

如果个人信息受到侵害，请遵循政府指南

个人可识别信息 (PII) 包含可用于识别特定人员或甚至冒充他们的数据。PII 的类型包括：

• 全名。

• 电子邮件地址。

• 街道地址。

• 电话号码。

• 信用卡号。

• 国内身份证号码（例如 SIN、SSN 或护照）。

• 驾照。

• 出生日期。

如果您通过可疑渠道提供了个人可识别信息，或者您的 Shopify 账户遭到入侵，请参考政府提供的指南，例如加拿大政府和美国政府提供的以下信息。

加拿大

建议操作：

• 加拿大皇家骑警队 - 身份盗用和身份欺诈受害者援助指南

提交报告：

• 加拿大反欺诈中心 - 举报事件

美国

操作：

• FTC - 身份盗窃：恢复计划

• FTC - 身份盗窃：步骤

提交报告：

• FBI - Internet Crime Complaint Center（FBI - 互联网犯罪投诉中心）

Make sure your connection to a website uses HTTPS

When you connect to any website where you could be asked to enter a username and password or other sensitive data, check that a lock icon appears beside the URL in your browser.

The lock icon tells you that the connection to the site is encrypted using the HTTPS protocol. URLs for encrypted connections start with https:// rather than http://. Connections that use http:// send data in plain text, meaning it can be intercepted en route and read.

Before clicking a link to anywhere you expect to enter information, make sure that the URL starts with https://.

Open only attachments or links you expect

Don’t interact with attachments, links, or forms unless you are expecting them and know what they contain. Not only can they redirect you to a malicious site designed to steal your information, but they can also infect your device with malware.

When link text is a URL, make sure that it matches the URL in the link itself. For example, a link written out as https://help.shopify.com in the body of an email might direct you to a phishing page at another URL.

Many phishing attacks try to take advantage of online banking. If you receive a suspicious email from your bank with a special offer for a line of credit, then don't click the link. Instead, enter your bank's URL manually in a new window and see if the offer shows up in your account dashboard.

Be careful with public wi-fi

Public wi-fi is convenient when you're on the go, but it vides many different ways for criminals to gain access to your information. You can reduce your risks by taking steps to protect yourself and your data.

Verify hotspot names

An attacker can create their own unencrypted wi-fi hotspot that is named like a reputable one in the same area, such as the network in a coffee shop. If you connect to the phishing hotspot, the attacker can direct you to their own page, where you can be exposed to malware or asked to enter prie information.

Before connecting, make sure that the hotspot you plan to use is legitimate. If you can't see the hotspot name posted in an obvious place, then ask an employee.

Disable access points to your device

Even if you have connected to a legitimate public wi-fi hotspot, then you can still be at risk by being on the same network as an attacker. Public wi-fi networks are much less secure than private networks like the one at your home or office.

Protect yourself by turning off file sharing within your network and enabling your firewall before connecting. Even with these precautions, it's still not a good idea to send or receive any sensitive content using a public wi-fi network.

Send and receive sensitive data over a VPN

A virtual private network establishes a secure connection between your device and the VPN company's servers. From there, the VPN servers relay your information to the internet. If an attacker gains access to the data you are transmitting and receiving through a public wi-fi hotspot, then the data is encrypted and not useful to them.

Techradar and PC Mag are good places to start if you want to learn how to choose a VPN.

Without a VPN, the most secure option is to avoid transmitting sensitive information over public wi-fi.

Follow government guides if your personal information is compromised

Personally identifiable information (PII) consists of data that could be used to identify a particular person, or even impersonate them. Types of PII include.

• full name.

• email address.

• street address.

• telephone number.

• credit card number.

• national identity number (such as SIN, SSN, or passport).

• driver's license.

• date of birth.

If you provided personally identifiable information through a suspicious channel, or your Shopify account was compromised, then refer to guides from your government, such as this information from the Canadian and United States governments.

Canada

What to do:

• RCMP - Identity Theft and Identity Fraud Victim Assistance Guide

File a report:

• Canadian Anti-Fraud Centre - Report an incident

United States

What to do:

• FTC - Identity Theft: A Recovery Plan

• FTC - Identity Theft: Steps

File a report:

• FBI - Internet Crime Complaint Center

特别声明：以上文章内容仅代表作者本人观点，不代表ESG跨境电商观点或立场。如有关于作品内容、版权或其它问题请于作品发表后的30日内与ESG跨境电商联系。