[mtr]

最好花點時間睇原文

https://blog.certfa.com/posts/the-retur ... ng-kitten/

https://unwire.hk/2018/12/15/phishingattack/life-tech/

... 黑客向受害人發送的電郵中埋藏了一張圖片，黑客可透過它實時知道受害人在何時接觸這封電郵。受害人輸入帳戶名稱與密碼後，黑客在背後實時使用這些資料登入。而受害人之後會被轉到輸入 SMS 認證碼的畫面，黑客可即時取得這個認證碼，突破雙重認證。

[mtr]

Our recommendations to users:

- Do not click on unknown links. For reviewing suspicious activities on your account or change the password, instead of clicking on any link, you can go to your “My Account” settings from your email directly which is more safer.

- Use email encryption such PGP for sensitive emails which prevent hackers reading your emails in the first place.

- Do not store classified and sensitive information as a plain text in your mailbox.

- HTTPS being before a domain names in a URL does not mean that the content of a website is secure or trusted - it’s just a secure extension of the HTTP protocol. Do not forget many phishing websites are currently operating under HTTPS protocol too.

[peterso]