Page 704 - Windows 10 May 2019 Update The Missing Manual: The Book That Should Have Been in the Box
UP TO SPEED: PHISHING 101
What’s phishing? That’s when you’re sent what appears to be
legitimate email from a bank, eBay, PayPal, or some other
financial website. The message tells you the site needs to
confirm your account information, or warns that your account
has been hacked and needs you to help keep it safe.
If you, responsible citizen that you are, click the provided link
to clear up the supposed problem, you wind up on what looks
like the bank/eBay/PayPal site. But it’s a fake, carefully
designed to look like the real thing; it’s run by a scammer. If
you type in your password and sign-in information, as
requested, then the next thing you know, you’re getting credit
card bills for $10,000 charges at high-rolling Las Vegas hotels
—the scammer has collected your sign-in information. The
fake sites look so much like the real ones that it can be
extremely difficult to tell them apart.
Exploit protection. Microsoft once developed a sophisticated tool
for corporate tech geeks called the Enhanced Mitigation
Experience Toolkit (EMET). It was intended to block many
common avenues of hacker attack.
EMET (or a variation thereof) is now built into Windows. It’s still
intended for corporate network administrators, though, as you can
probably tell by the controls’ names here (“Validate exception
chains [SEHOP]” and “High-entropy ASLR,” anyone?). For best
results, leave these options at their factory settings.
If you know exactly what you’re doing, and you suspect that one of
these blockades is causing glitches in one of your programs, you
can select “Exploit protection settings” and make adjustments on
an app-by-app basis.
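
The same app-by-app adjustment can be reviewed and undone from PowerShell with the built-in Get-ProcessMitigation and Set-ProcessMitigation commands. The script below is an added example, not part of the book; `ExampleApp.exe` and the backup file name are placeholders, and the `SEHOP` and `Aslr` property names are what the commands are expected to return.

```powershell
# Added example (not from the book). Run in an elevated PowerShell window.
# 'ExampleApp.exe' and the backup file name are placeholders.
$app    = 'ExampleApp.exe'
$backup = Join-Path $env:USERPROFILE 'exploit-protection-backup.xml'

# 1. Save the current Exploit protection configuration before touching anything.
Get-ProcessMitigation -RegistryConfigFilePath $backup

# 2. Show the system-wide (factory) state of the two controls named above.
#    Values read ON, OFF, or NOTSET (NOTSET means "use the Windows default").
$system = Get-ProcessMitigation -System
'System SEHOP:'; $system.SEHOP | Format-List
'System ASLR :'; $system.Aslr  | Format-List

# 3. Show any per-app override that already exists for this one program.
$before = Get-ProcessMitigation -Name $app
if ($before) {
    "Existing overrides for ${app}:"
    $before.SEHOP | Format-List
    $before.Aslr  | Format-List
} else {
    "No per-app entry for $app; it follows the system settings."
}

# 4. Troubleshooting step: switch off a single mitigation for this program only.
#    Every other program keeps the system-wide setting.
Set-ProcessMitigation -Name $app -Disable SEHOP

# 5. Confirm the override was recorded, then restart the program and retest it.
(Get-ProcessMitigation -Name $app).SEHOP | Format-List

# 6. Once testing is done, remove the per-app entry so the program goes back to
#    the factory settings.
Set-ProcessMitigation -Name $app -Remove

# If more than one setting was changed, restore everything from the backup instead:
# Set-ProcessMitigation -PolicyFilePath $backup
```

If the glitch persists with the override in place, that mitigation was not the cause, and step 6 puts the program back under full protection.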

