{"id":8670,"date":"2020-08-13T16:41:27","date_gmt":"2020-08-13T13:41:27","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=8670"},"modified":"2020-08-13T16:41:27","modified_gmt":"2020-08-13T13:41:27","slug":"phishing-email-scanner","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/phishing-email-scanner\/8670\/","title":{"rendered":"Sahte e-posta taray\u0131c\u0131s\u0131"},"content":{"rendered":"

Son y\u0131llarda, kurumsal a\u011flara e-posta arac\u0131l\u0131\u011f\u0131yla vir\u00fcs bula\u015fmas\u0131 haberleriyle d\u00fczenli olarak kar\u015f\u0131la\u015f\u0131yoruz (ve genellikle fidye yaz\u0131l\u0131m\u0131yla ba\u011flant\u0131l\u0131 oluyorlar). Hal b\u00f6yleyken doland\u0131r\u0131c\u0131lar\u0131n, \u015firket \u00e7al\u0131\u015fanlar\u0131n\u0131 posta kutular\u0131n\u0131 taramaya ikna ederek kurumsal posta hesaplar\u0131ndan kimlik bilgilerini almaya \u00e7al\u0131\u015fmak i\u00e7in d\u00fczenli aral\u0131klarla bu hassasiyeti kullanmalar\u0131 \u015fa\u015f\u0131rt\u0131c\u0131 de\u011fil.<\/p>\n

Bu kurgu, e-postalardaki potansiyel k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m tehdidini bilen, ancak bununla nas\u0131l ba\u015fa \u00e7\u0131k\u0131laca\u011f\u0131n\u0131 yeterince anlamayan ki\u015fileri hedefliyor. Bilgi g\u00fcvenli\u011fi \u00e7al\u0131\u015fanlar\u0131, p\u00fcf noktalar\u0131 \u00e7al\u0131\u015fanlara a\u00e7\u0131klamal\u0131 ve bu t\u00fcr \u00f6rnekleri \u00e7al\u0131\u015fanlar\u0131n siber su\u00e7lular\u0131n kurban\u0131 olmaktan ka\u00e7\u0131nmak i\u00e7in nelere dikkat etmeleri gerekti\u011fini g\u00f6stermek i\u00e7in kullanmal\u0131.<\/p>\n

Kimlik av\u0131 e-postas\u0131<\/h2>\n

Bu doland\u0131r\u0131c\u0131l\u0131k mesaj\u0131, eski hilelerden birini kullanarak ma\u011fdurlara g\u00f6zda\u011f\u0131 verir. \u201cVir\u00fcs Uyar\u0131s\u0131\u201d ve ard\u0131ndan \u00fc\u00e7 \u00fcnlem i\u015fareti yazan ba\u015fl\u0131kta bu y\u00f6ntemi g\u00f6rebilirsiniz. Ne kadar \u00f6nemsiz bir noktalama i\u015fareti gibi g\u00f6r\u00fcnse de, al\u0131c\u0131ya bir terslik oldu\u011fu konusunda ipucu vermesi gereken ilk i\u015faret budur. Bir i\u015f e-postas\u0131nda gereksiz noktalama i\u015faretleri, duygusall\u0131\u011f\u0131n veya profesyonellikten uzakl\u0131\u011f\u0131n i\u015faretidir. Her iki durum da, bir tehditle ilgili bilgileri iletmeyi ama\u00e7lad\u0131\u011f\u0131 varsay\u0131lan bir bildirim i\u00e7in uygunsuzdur.<\/p>\n

\"\"<\/p>\n

Al\u0131c\u0131n\u0131n sormas\u0131 gereken birinci soru \u201cMesaj\u0131 kim g\u00f6nderdi?\u201d olmal\u0131d\u0131r. E-posta, herhangi bir i\u015flem yapmaman\u0131n al\u0131c\u0131n\u0131n hesab\u0131n\u0131n bloke edilmesiyle sonu\u00e7lanaca\u011f\u0131n\u0131 belirtiyor. Bu e-postan\u0131n kurumsal e-posta sunucusunu destekleyen BT hizmeti veya e-posta hizmeti sa\u011flay\u0131c\u0131s\u0131n\u0131n \u00e7al\u0131\u015fanlar\u0131 taraf\u0131ndan g\u00f6nderildi\u011fini varsaymak bir noktaya kadar mant\u0131kl\u0131 olabilir.<\/p>\n

Ancak, hi\u00e7bir sa\u011flay\u0131c\u0131n\u0131n veya dahili hizmetin, posta kutusunun i\u00e7eri\u011fini taramak i\u00e7in kullan\u0131c\u0131n\u0131n bir eylemde bulunmas\u0131n\u0131 \u015fart ko\u015fmayaca\u011f\u0131n\u0131 anlamak \u00e7ok \u00f6nemli. Tarama, e-posta sunucusunda otomatik olarak ger\u00e7ekle\u015fir. Dahas\u0131, \u201cvir\u00fcs etkinli\u011fi\u201d bir hesap i\u00e7inde nadiren ger\u00e7ekle\u015fir. Birisi bir vir\u00fcs g\u00f6ndermi\u015f olsa bile al\u0131c\u0131n\u0131n bu vir\u00fcs\u00fc indirip \u00e7al\u0131\u015ft\u0131rmas\u0131 gerekir. Vir\u00fcs, e-posta hesab\u0131na de\u011fil, bilgisayara bula\u015f\u0131r.<\/p>\n

\u0130lk soruya geri d\u00f6necek olursak, g\u00f6nderene bak\u0131ld\u0131\u011f\u0131nda hemen iki tehlike i\u015fareti ortaya \u00e7\u0131k\u0131yor. Birincisi, e-posta bir Hotmail hesab\u0131ndan g\u00f6nderilmi\u015f; oysa me\u015fru bir bildirim, \u015firketin veya sa\u011flay\u0131c\u0131n\u0131n alan ad\u0131n\u0131 g\u00f6r\u00fcnt\u00fclerdi. \u0130kincisi, mesaj\u0131n \u201cE-posta G\u00fcvenlik Ekibi\u201dnden geldi\u011fi s\u00f6yleniyor. Al\u0131c\u0131n\u0131n \u015firketi bir \u00fc\u00e7\u00fcnc\u00fc taraf posta hizmeti sa\u011flay\u0131c\u0131s\u0131 kullan\u0131yorsa, bu hizmetin ad\u0131 imzada g\u00f6r\u00fcnmek zorundad\u0131r. Posta sunucusu kurumsal altyap\u0131daysa bildirim kurum i\u00e7i BT veya bilgi g\u00fcvenli\u011fi hizmetinden gelecektir ama t\u00fcm ekibin yaln\u0131zca e-posta g\u00fcvenli\u011finden sorumlu olma olas\u0131l\u0131\u011f\u0131 \u00e7ok d\u00fc\u015f\u00fckt\u00fcr.<\/p>\n

S\u0131ra geldi ba\u011flant\u0131ya\u2026 \u00c7o\u011fu modern e-posta istemcisi, k\u00f6pr\u00fcn\u00fcn arkas\u0131na gizlenmi\u015f URL\u2019i g\u00f6sterir. Al\u0131c\u0131dan, \u015firketinize de, posta sa\u011flay\u0131c\u0131s\u0131na da ait olmayan bir alan ad\u0131nda bar\u0131nd\u0131r\u0131lan bir e-posta taray\u0131c\u0131s\u0131na t\u0131klamas\u0131 istenirse bu neredeyse kesinlikle kimlik av\u0131d\u0131r.<\/p>\n

Kimlik av\u0131 sitesi<\/h2>\n

Site bir t\u00fcr \u00e7evrimi\u00e7i e-posta taray\u0131c\u0131s\u0131 gibi g\u00f6r\u00fcn\u00fcyor. Orijinallik izlenimi vermek i\u00e7in bir dizi antivir\u00fcs sa\u011flay\u0131c\u0131s\u0131n\u0131n logolar\u0131 g\u00f6steriliyor. Ba\u015fl\u0131k, al\u0131c\u0131n\u0131n \u015firketinin ad\u0131n\u0131 bile i\u00e7eriyor; bu, taray\u0131c\u0131n\u0131n kimin arac\u0131 oldu\u011funa dair herhangi bir \u015f\u00fcpheyi ortadan kald\u0131rmay\u0131 ama\u00e7l\u0131yor. Site, \u00f6nce bir taramay\u0131 sim\u00fcle ediyor, ard\u0131ndan \u201cE-posta taramas\u0131 tamamlamak ve etkilenen dosyalar\u0131 t\u00fcm silmek i\u00e7in a\u015fa\u011f\u0131daki hesab\u0131n\u0131z\u0131 onaylay\u0131n\u201d \u015feklinde yanl\u0131\u015f bir gramer kullan\u0131larak yaz\u0131lm\u0131\u015f bir mesajla i\u015flemi yar\u0131da kesiyor. Elbette bunun i\u00e7in hesap \u015fifresi gerekiyor.<\/p>\n

\"\"<\/p>\n

Sitenin yap\u0131s\u0131n\u0131 anlamak i\u00e7in i\u015fe taray\u0131c\u0131 adres \u00e7ubu\u011funun i\u00e7eri\u011fini inceleyerek ba\u015flay\u0131n. Birincisi, yukar\u0131da belirtildi\u011fi gibi, do\u011fru alan ad\u0131na sahip de\u011fil. \u0130kincisi, URL b\u00fcy\u00fck olas\u0131l\u0131kla al\u0131c\u0131n\u0131n e-posta adresini i\u00e7erir. Bu tek ba\u015f\u0131na bir sorun de\u011fildir: Kullan\u0131c\u0131 kimli\u011fi URL arac\u0131l\u0131\u011f\u0131yla aktar\u0131lm\u0131\u015f olabilir. Ancak sitenin yasall\u0131\u011f\u0131yla ilgili herhangi bir \u015f\u00fcphe durumunda, adresi rastgele karakterlerle de\u011fi\u015ftirin (ancak e-posta adresi g\u00f6r\u00fcn\u00fcm\u00fcn\u00fc korumak i\u00e7in @ simgesini tutun).<\/p>\n

Bu t\u00fcr siteler, sayfa \u015fablonundaki belirli bo\u015fluklar\u0131 doldurmak i\u00e7in kimlik av\u0131 e-postas\u0131ndaki ba\u011flant\u0131 taraf\u0131ndan iletilen adresi kullan\u0131r. Biz deneme yapmak i\u00e7in var olmayan kurban@sirketiniz.org diye bir adres kulland\u0131k. Site, taray\u0131c\u0131n\u0131n ad\u0131na \u201c\u015firketiniz\u201d kelimesini yerle\u015ftirdi ve t\u00fcm adresi hesab\u0131n ad\u0131na uygun \u015fekilde de\u011fi\u015ftirdi; bunun \u00fczerine var olmayan e-postalardaki var olmayan ekleri taramaya ba\u015flam\u0131\u015f g\u00f6r\u00fcnt\u00fcs\u00fc verdi. Deneyi farkl\u0131 bir adresle tekrarlad\u0131\u011f\u0131m\u0131zda her \u201ctaramadaki\u201d eklerin adlar\u0131n\u0131n ayn\u0131 oldu\u011funu g\u00f6rd\u00fck.<\/p>\n

\"\"<\/p>\n

Di\u011fer bir tutars\u0131zl\u0131k ise taray\u0131c\u0131n\u0131n posta kutusu i\u00e7eri\u011fini kimlik do\u011frulamas\u0131 olmadan taramas\u0131. \u00d6yleyse neden \u015fifreye ihtiyac\u0131 olsun ki?<\/p>\n

\u00c7al\u0131\u015fanlar\u0131n\u0131z\u0131 kimlik av\u0131ndan nas\u0131l koruyabilirsiniz?<\/h2>\n

Hem e-postadaki hem de sahte taray\u0131c\u0131 internet sitesindeki kimlik av\u0131 i\u015faretlerini ayr\u0131nt\u0131l\u0131 olarak analiz ettik. Bu g\u00f6nderiyi \u00e7al\u0131\u015fanlara g\u00f6stermek, onlara ne arayacaklar\u0131 konusunda kabaca bir fikir verecektir. Ancak bu, buz da\u011f\u0131n\u0131n sadece g\u00f6r\u00fcnen k\u0131sm\u0131. Baz\u0131 sahte e-postalar daha karma\u015f\u0131kt\u0131r ve fark edilmesi daha zordur.<\/p>\n

Bu nedenle, \u00f6rne\u011fin Kaspersky Automated Security Awareness Platform<\/a> gibi bir platform \u00fczerinden \u00e7al\u0131\u015fanlara en son siber tehditler hakk\u0131nda s\u00fcrekli fark\u0131ndal\u0131k e\u011fitimi verilmesini \u00f6neriyoruz.<\/p>\n

Ayr\u0131ca, posta sunucusundaki kimlik av\u0131 e-postalar\u0131n\u0131 alg\u0131layabilen ve i\u015f istasyonlar\u0131nda kimlik av\u0131 sitelerine y\u00f6nlendirmeleri engelleyebilen g\u00fcvenlik \u00e7\u00f6z\u00fcmlerini kullan\u0131n. Kaspersky Security for Business<\/a> her ikisini de yapabiliyor. Dahas\u0131, Microsoft Office 365'in yerle\u015fik koruma mekanizmalar\u0131n\u0131 geli\u015ftiren bir \u00e7\u00f6z\u00fcm<\/a> de sunuyoruz.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

E-posta taray\u0131c\u0131s\u0131 k\u0131l\u0131\u011f\u0131nda gizlenen bir kimlik av\u0131 sitesini ve kurbanlar\u0131 yakalama giri\u015fimlerini ayr\u0131nt\u0131l\u0131 bir \u015fekilde inceliyoruz.<\/p>\n","protected":false},"author":2481,"featured_media":8676,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[1921,1074,1660],"class_list":{"0":"post-8670","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-e-posta","10":"tag-kimlik-avi","11":"tag-sosyal-muhendislik"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/phishing-email-scanner\/8670\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/phishing-email-scanner\/21655\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/phishing-email-scanner\/17118\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/phishing-email-scanner\/22983\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/phishing-email-scanner\/21174\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/phishing-email-scanner\/19808\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/phishing-email-scanner\/23608\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/phishing-email-scanner\/22514\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/phishing-email-scanner\/28863\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/phishing-email-scanner\/36661\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/phishing-email-scanner\/15423\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/phishing-email-scanner\/15874\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/phishing-email-scanner\/13831\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/phishing-email-scanner\/24883\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/phishing-email-scanner\/28963\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/phishing-email-scanner\/25831\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/phishing-email-scanner\/22697\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/phishing-email-scanner\/27944\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/phishing-email-scanner\/27774\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/kimlik-avi\/","name":"kimlik av\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8670","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2481"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=8670"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8670\/revisions"}],"predecessor-version":[{"id":8677,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/8670\/revisions\/8677"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/8676"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=8670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=8670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=8670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}