{"id":145297,"date":"2021-11-05T12:20:36","date_gmt":"2021-11-05T09:20:36","guid":{"rendered":"https:\/\/www.enerjigazetesi.ist\/?p=145297"},"modified":"2021-11-05T12:24:44","modified_gmt":"2021-11-05T09:24:44","slug":"saldirganlar-simdi-de-is-e-postalarinin-pesinde","status":"publish","type":"post","link":"https:\/\/www.enerjigazetesi.ist\/en\/saldirganlar-simdi-de-is-e-postalarinin-pesinde\/","title":{"rendered":"(Turkish) Sald\u0131rganlar \u015eimdi de \u0130\u015f E-Postalar\u0131n\u0131n Pe\u015finde!"},"content":{"rendered":"

Sorry, this entry is only available in Turkish<\/a>. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.<\/p>

<\/p>\n

Bir su\u00e7lunun kurumsal bir e-posta hesab\u0131na eri\u015fmesini ve para \u00e7almak i\u00e7in hesap sahibinin kimli\u011fini s\u0131zd\u0131rmas\u0131n\u0131 i\u00e7eren Business Email Compromise (BEC) sald\u0131r\u0131lar\u0131n\u0131n i\u015fletmelere faturas\u0131 a\u011f\u0131r oluyor. \u00c7o\u011funlukla insan hatas\u0131n\u0131 istismar eden BEC sald\u0131r\u0131lar\u0131yla ilgili dikkat edilmesi gerekenler s\u0131raland\u0131.<\/strong><\/h2>\n

BEC sald\u0131r\u0131lar\u0131<\/strong>, sald\u0131rganlar\u0131n herhangi bir \u015firketi, \u00e7al\u0131\u015fanlar\u0131n\u0131, m\u00fc\u015fterilerini<\/strong> veya i\u015f ortaklar\u0131n\u0131<\/strong> doland\u0131rmak i\u00e7in \u015firket \u00e7al\u0131\u015fan\u0131na ait e-posta hesab\u0131n\u0131<\/strong> ele ge\u00e7irdi\u011fi veya taklit etti\u011fi bir \"\"sald\u0131r\u0131 t\u00fcr\u00fc. \u0130nsanlar s\u0131k e-posta ald\u0131klar\u0131<\/strong> birinin e-posta adresine<\/strong> g\u00fcvenme e\u011filimindedirler ve her seferinde do\u011frulu\u011funu kontrol etmezler. Sald\u0131rganlar bu g\u00fcvenden faydalanarak \u015firket a\u011f\u0131nda kullan\u0131lan bir e-postay\u0131<\/strong> ele ge\u00e7irebilirler veya \u00e7ok benzerini olu\u015fturabilirler. \u00c7ok uluslu \u00e7al\u0131\u015fan \u015firketler<\/strong> ya da avukat, finans m\u00fcd\u00fcr\u00fc, mali m\u00fc\u015favir<\/strong> gibi \u00fcst d\u00fczey \u00e7al\u0131\u015fanlar\u0131 olan \u015firketler bu t\u00fcr sald\u0131r\u0131lara daha a\u00e7\u0131kt\u0131r.<\/p>\n

Siber su\u00e7lular hedeflerine<\/strong> ula\u015fabilmek i\u00e7in sinsilikle tasarlanm\u0131\u015f tuzaklar<\/strong> kurarlar ve su\u00e7lular\u0131 tuza\u011fa d\u00fc\u015f\u00fcrmek<\/strong> i\u00e7in sab\u0131rla beklerler. ESET T\u00fcrkiye \u00dcr\u00fcn ve Pazarlama M\u00fcd\u00fcr\u00fc <\/em>Can Erginkurban, siber sald\u0131rganlar\u0131n en \u00e7ok tercih ettikleri y\u00f6ntemleri s\u0131ralayarak kurumlar\u0131n alabilecekleri \u00f6nlemler hakk\u0131nda \u015fu \u00f6nerilerde bulundu;<\/span><\/p>\n

Sald\u0131rganlar hangi teknikleri kullan\u0131yorlar<\/strong><\/h3>\n

E-posta adresi<\/strong> ve alan ad\u0131nda yap\u0131lan, kolay fark edilemeyecek ufak de\u011fi\u015fiklikler,<\/p>\n

– \u015eirket hakk\u0131nda bilgi toplamak i\u00e7in g\u00fcvenilir<\/strong> birinden g\u00f6nderilmi\u015f gibi duran sahte e-postalar<\/strong>,<\/p>\n

– A\u011fa s\u0131zarak \u015firket i\u00e7i verilere<\/strong> ve yaz\u0131\u015fmalara eri\u015fim<\/strong> sa\u011flamak i\u00e7in kullan\u0131lan zararl\u0131 yaz\u0131l\u0131mlar,<\/p>\n

– \u0130yi tasarlanm\u0131\u015f ve \u00f6ncekilere benzeyen sahte faturalar,<\/strong><\/p>\n

Avukat, savc\u0131, polis<\/strong> gibi insanlar\u0131n sorgulamaya cesaret edemeyece\u011fi mevkilerin taklit edilmesiyle olu\u015fturulan talepler<\/p>\n

CEO, CFO<\/strong> gibi \u00fcst d\u00fczey y\u00f6neticilerin e-posta hesaplar\u0131n\u0131n ele ge\u00e7irilmesi<\/strong> ve daha alt d\u00fczey bir y\u00f6neticiden para transferi yap\u0131lmas\u0131n\u0131n<\/strong> istenmesi<\/p>\n

\u015eirketler hangi \u00f6nlemleri alabilirler<\/strong><\/h3>\n

BEC doland\u0131r\u0131c\u0131l\u0131\u011f\u0131<\/strong>n\u0131n planlanmas\u0131nda ve ger\u00e7ekle\u015ftirilmesinde yer alan geli\u015fmi\u015f sosyal m\u00fchendislik teknikleri sald\u0131r\u0131lar\u0131n fark edilmesini olduk\u00e7a zorla\u015ft\u0131r\u0131r. Yine de e-posta g\u00fcvenli\u011fi<\/strong> a\u00e7\u0131s\u0131ndan en iyi uygulama \u00f6rneklerine uymak sald\u0131r\u0131lar\u0131n \u015firketinizde ba\u015far\u0131 \u015fans\u0131n\u0131z\u0131 \u00f6nemli \u00f6l\u00e7\u00fcde azaltacakt\u0131r.<\/p>\n

BEC sald\u0131r\u0131lar\u0131 genellikle \u00e7ok daha uzun soluklu sald\u0131r\u0131lar\u0131n bir par\u00e7as\u0131d\u0131r. Sald\u0131rganlar\u0131n \u015firket a\u011f\u0131na s\u0131zarak<\/strong> belirli bir s\u00fcre fark edilmeden i\u00e7eride kalmalar\u0131 gerekebilir. Bu t\u00fcr s\u0131zmalar\u0131 fark edebilmenizi sa\u011flayan EDR \u00e7\u00f6z\u00fcmlerinin zaman\u0131nda yerle\u015ftirilmi\u015f olmas\u0131 ve sistemin s\u00fcrekli izlenmesi<\/strong> bir anda milyonlarca dolara<\/strong> \u00e7\u0131kabilecek zararlar\u0131n \u00f6n\u00fcne ge\u00e7menizi sa\u011flayabilir.<\/p>\n

Titizlikle belirleyece\u011finiz e-posta kurallar\u0131 ile benzer ama ayn\u0131 olmayan domainlerden gelen ve yan\u0131tlanan epostalar\u0131 ay\u0131rabilirsiniz. S\u0131k kullan\u0131lan ve \u015firket i\u00e7i domainler<\/strong> i\u00e7in renk kodu<\/strong> tan\u0131mlayabilirsiniz. \u015eirket e-posta hesaplar\u0131n\u0131 mutlaka \u00e7ok fakt\u00f6rl\u00fc kimlik do\u011frulama<\/strong> ile korumal\u0131s\u0131n\u0131z.<\/p>\n

SMTP protokol\u00fc<\/strong> ne yaz\u0131k ki istedi\u011finiz alan ad\u0131ndan ve e-posta adresinden posta g\u00f6nderebilmenize olanak sa\u011flar. E-posta g\u00fcvenlik yaz\u0131l\u0131m\u0131n\u0131zda yan\u0131tlama adresi farkl\u0131 olan e-postalar i\u00e7in \u00f6zel kurallar<\/strong> olu\u015fturabilirsiniz. Bu \u015fekilde sahte e-postalar\u0131 ay\u0131klama \u015fans\u0131n\u0131z <\/strong>y\u00fckselir.<\/p>\n

\u00c7al\u0131\u015fanlar\u0131n\u0131za genel siber g\u00fcvenlik kurallar\u0131<\/strong> yan\u0131nda e-postalar<\/strong> konusunda da e\u011fitmelisiniz. Bir e-posta ald\u0131klar\u0131nda g\u00f6nderici adresine dikkat etmelerini, postan\u0131n i\u00e7indeki ba\u011flant\u0131lar\u0131 kontrol etmeden t\u0131klamamalar\u0131 gerekti\u011fini bilmeliler.<\/p>\n

\u00c7ok fakt\u00f6r do\u011frulama mant\u0131\u011f\u0131nda oldu\u011fu gibi, e-posta ile al\u0131nan transfer talepleri i\u00e7in telefon<\/strong> ile arayarak do\u011frulama yap\u0131lmas\u0131n\u0131<\/strong> zorunlu tutabilirsiniz.<\/p>\n

Temel e-posta g\u00fcvenli\u011fi<\/strong> kurallar\u0131n\u0131 uygulamak \u015firketlerin BEC sald\u0131r\u0131s\u0131<\/strong>na maruz kalma riskini azaltacakt\u0131r ancak bu tehlikeli ve maliyetli sald\u0131r\u0131lardan korunman\u0131n en iyi yolu geli\u015fmi\u015f, \u00e7ok katmanl\u0131 bir e-posta g\u00fcvenli\u011fine<\/strong> yat\u0131r\u0131m yapmaktan ge\u00e7er. Ayr\u0131ca \u015firket hesaplar\u0131n\u0131 d\u00fczenli olarak kontrol etmeyi ihmal etmeyin.<\/p>","protected":false},"excerpt":{"rendered":"

Sorry, this entry is only available in Turkish. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language. Bir su\u00e7lunun kurumsal bir e-posta hesab\u0131na eri\u015fmesini ve para \u00e7almak i\u00e7in hesap sahibinin kimli\u011fini s\u0131zd\u0131rmas\u0131n\u0131 i\u00e7eren Business Email Compromise (BEC) sald\u0131r\u0131lar\u0131n\u0131n i\u015fletmelere […]<\/p>\n","protected":false},"author":1,"featured_media":145299,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[53,157],"tags":[98235,98234,98233,98236,98238,19577,98237,65918],"views":107,"_links":{"self":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/145297"}],"collection":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/comments?post=145297"}],"version-history":[{"count":0,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/145297\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/media\/145299"}],"wp:attachment":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/media?parent=145297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/categories?post=145297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/tags?post=145297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}