{"id":63,"date":"2026-06-28T12:55:58","date_gmt":"2026-06-28T09:55:58","guid":{"rendered":"https:\/\/secradar.net\/blog\/oltalama-phishing-nedir-korunma\/"},"modified":"2026-06-28T12:55:58","modified_gmt":"2026-06-28T09:55:58","slug":"oltalama-phishing-nedir-korunma","status":"publish","type":"post","link":"https:\/\/secradar.net\/blog\/oltalama-phishing-nedir-korunma\/","title":{"rendered":"Oltalama (Phishing) Nedir? Nas\u0131l Anla\u015f\u0131l\u0131r ve Korunulur?"},"content":{"rendered":"<p><strong>Oltalama (phishing)<\/strong>, sald\u0131rganlar\u0131n g\u00fcvenilir bir kurumu (banka, kargo firmas\u0131, e-posta sa\u011flay\u0131c\u0131s\u0131, kamu kurumu) taklit ederek sizi kand\u0131rmaya ve giri\u015f bilgilerinizi, kart numaran\u0131z\u0131 veya ki\u015fisel verilerinizi \u00e7almaya \u00e7al\u0131\u015ft\u0131\u011f\u0131 bir doland\u0131r\u0131c\u0131l\u0131k y\u00f6ntemidir. Ad\u0131 &#8220;bal\u0131k avlamak&#8221; (fishing) s\u00f6zc\u00fc\u011f\u00fcnden gelir: sald\u0131rgan bir yem (sahte e-posta veya mesaj) atar, kurban\u0131n oltaya gelmesini bekler.<\/p>\n<p>Bu yaz\u0131da oltalaman\u0131n ne oldu\u011funu, sahte bir sitenin nas\u0131l anla\u015f\u0131ld\u0131\u011f\u0131n\u0131 ve hem ki\u015fisel hem kurumsal d\u00fczeyde nas\u0131l korunabilece\u011finizi ad\u0131m ad\u0131m ele al\u0131yoruz. \u015e\u00fcpheli bir ba\u011flant\u0131y\u0131 t\u0131klamadan \u00f6nce <a href=\"https:\/\/secradar.net\/tehdit-kontrolu\">SecRadar Tehdit Kontrol\u00fc<\/a> ile saniyeler i\u00e7inde kontrol edebilece\u011finizi de g\u00f6sterece\u011fiz.<\/p>\n<h2>Oltalama Nas\u0131l \u00c7al\u0131\u015f\u0131r?<\/h2>\n<p>Tipik bir oltalama sald\u0131r\u0131s\u0131 birka\u00e7 ad\u0131mdan olu\u015fur:<\/p>\n<ol>\n<li><strong>Yem:<\/strong> Size aciliyet hissi veren bir e-posta veya SMS gelir \u2014 &#8220;Hesab\u0131n\u0131z ask\u0131ya al\u0131nd\u0131&#8221;, &#8220;Kargonuz teslim edilemedi&#8221;, &#8220;\u00d6d\u00fcl\u00fcn\u00fcz\u00fc almak i\u00e7in t\u0131klay\u0131n&#8221;.<\/li>\n<li><strong>Sahte ba\u011flant\u0131:<\/strong> Mesajdaki ba\u011flant\u0131, ger\u00e7e\u011fine \u00e7ok benzeyen ama sald\u0131rgana ait bir siteye y\u00f6nlendirir.<\/li>\n<li><strong>Sahte sayfa:<\/strong> Bu site, ger\u00e7ek giri\u015f sayfas\u0131n\u0131n birebir kopyas\u0131d\u0131r. Bilgilerinizi girdi\u011finizde do\u011frudan sald\u0131rgana ula\u015f\u0131r.<\/li>\n<li><strong>\u0130stismar:<\/strong> \u00c7al\u0131nan bilgilerle hesab\u0131n\u0131za girilir, para transfer edilir veya kimli\u011finiz ba\u015fka sald\u0131r\u0131larda kullan\u0131l\u0131r.<\/li>\n<\/ol>\n<p>Oltalama yaln\u0131zca e-posta ile s\u0131n\u0131rl\u0131 de\u011fildir: SMS \u00fczerinden yap\u0131lana <strong>smishing<\/strong>, telefonla yap\u0131lana <strong>vishing<\/strong>, belirli bir ki\u015fiyi hedef alan ki\u015fiselle\u015ftirilmi\u015f sald\u0131r\u0131lara ise <strong>spear phishing<\/strong> denir.<\/p>\n<h2>Sahte Bir Site Nas\u0131l Anla\u015f\u0131l\u0131r?<\/h2>\n<p>Oltalama sitelerinin \u00e7o\u011fu birka\u00e7 ortak ipucu bar\u0131nd\u0131r\u0131r. Bir ba\u011flant\u0131ya t\u0131klamadan veya bilgi girmeden \u00f6nce \u015funlar\u0131 kontrol edin:<\/p>\n<h3>1. Alan Ad\u0131n\u0131 Dikkatle Okuyun<\/h3>\n<p>Sald\u0131rganlar ger\u00e7ek adrese benzeyen alan adlar\u0131 kullan\u0131r. Bunlara <strong>typosquatting<\/strong> denir:<\/p>\n<ul>\n<li>Harf de\u011fi\u015fimi: <code>g00gle.com<\/code> (o yerine s\u0131f\u0131r), <code>paypa1.com<\/code> (l yerine bir).<\/li>\n<li>Ek kelime: <code>banka-guvenlik.com<\/code>, <code>hesap-dogrulama-bankam.com<\/code>.<\/li>\n<li>Farkl\u0131 uzant\u0131: ger\u00e7ek site <code>.com.tr<\/code> iken sahtesi <code>.com<\/code> veya <code>.xyz<\/code>.<\/li>\n<li>Alt alan ad\u0131 oyunu: <code>bankaniz.com.guvenli-giris.net<\/code> \u2014 as\u0131l alan ad\u0131 buradaki <code>guvenli-giris.net<\/code>&#8216;tir, ba\u015f\u0131ndaki &#8220;bankaniz.com&#8221; sadece bir alt alan ad\u0131d\u0131r.<\/li>\n<\/ul>\n<p>Kural: Adresin <strong>en sa\u011fdaki<\/strong> iki par\u00e7as\u0131 (\u00f6rn. <code>example.com<\/code>) as\u0131l alan ad\u0131d\u0131r; geri kalan her \u015fey onun \u00f6n\u00fcne eklenmi\u015f olabilir.<\/p>\n<h3>2. &#8220;Ye\u015fil Kilit&#8221; Sahte Sitenin G\u00fcvenli Oldu\u011fu Anlam\u0131na Gelmez<\/h3>\n<p>Yayg\u0131n bir yan\u0131lg\u0131: &#8220;Adreste kilit simgesi (HTTPS) varsa site g\u00fcvenlidir.&#8221; Bu <strong>do\u011fru de\u011fildir<\/strong>. Bug\u00fcn \u00fccretsiz SSL sertifikas\u0131 almak dakikalar s\u00fcrd\u00fc\u011f\u00fc i\u00e7in oltalama siteleri de HTTPS kullan\u0131r. Kilit yaln\u0131zca ba\u011flant\u0131n\u0131n <em>\u015fifreli<\/em> oldu\u011funu g\u00f6sterir; sitenin <em>d\u00fcr\u00fcst<\/em> oldu\u011funu de\u011fil. Sertifikan\u0131n kime ait oldu\u011funu <a href=\"https:\/\/secradar.net\/ssl-sorgulama\">SSL Sorgulama<\/a> ile inceleyebilir, sertifikadaki alan ad\u0131n\u0131n bekledi\u011finiz kurumla e\u015fle\u015fip e\u015fle\u015fmedi\u011fine bakabilirsiniz. SSL hatalar\u0131 ve &#8220;Ba\u011flant\u0131n\u0131z Gizli De\u011fil&#8221; uyar\u0131s\u0131n\u0131n ne anlama geldi\u011fini <a href=\"https:\/\/secradar.net\/blog\/baglantiniz-gizli-degil-hatasi-cozumu\">ayr\u0131 bir yaz\u0131da<\/a> ele ald\u0131k.<\/p>\n<h3>3. Alan Ad\u0131n\u0131n Ya\u015f\u0131na Bak\u0131n<\/h3>\n<p>Oltalama siteleri genellikle <strong>\u00e7ok yeni kaydedilmi\u015f<\/strong> alan adlar\u0131 kullan\u0131r; kampanya bitince terk edilirler. Ger\u00e7ek bir bankan\u0131n alan ad\u0131 y\u0131llard\u0131r kay\u0131tl\u0131yken, sahtesi birka\u00e7 g\u00fcn \u00f6nce al\u0131nm\u0131\u015f olabilir. Bir alan ad\u0131n\u0131n ne zaman tescil edildi\u011fini <a href=\"https:\/\/secradar.net\/whois-sorgulama\">WHOIS Sorgulama<\/a> arac\u0131yla \u00f6\u011frenebilirsiniz; birka\u00e7 g\u00fcn \u00f6nce kaydedilmi\u015f bir &#8220;banka&#8221; sitesi g\u00fc\u00e7l\u00fc bir uyar\u0131 i\u015faretidir. Alan ad\u0131 tescili ve WHOIS konusunu <a href=\"https:\/\/secradar.net\/blog\/alan-adi-tescili-ve-whois-rehberi\">WHOIS rehberimizde<\/a> detayland\u0131rd\u0131k.<\/p>\n<h3>4. Tehdit Listelerinde Olup Olmad\u0131\u011f\u0131n\u0131 Kontrol Edin<\/h3>\n<p>Bilinen bir\u00e7ok oltalama ve zararl\u0131 yaz\u0131l\u0131m sitesi, Google Safe Browsing gibi tehdit veritabanlar\u0131na i\u015faretlenmi\u015ftir. \u015e\u00fcpheli bir adresi girmeden, <a href=\"https:\/\/secradar.net\/tehdit-kontrolu\">Tehdit Kontrol\u00fc<\/a> arac\u0131yla sitenin bu listelerde olup olmad\u0131\u011f\u0131n\u0131 saniyeler i\u00e7inde sorgulay\u0131n. Sonu\u00e7 temiz \u00e7\u0131ksa bile di\u011fer ipu\u00e7lar\u0131n\u0131 g\u00f6z ard\u0131 etmeyin \u2014 \u00e7ok yeni bir site hen\u00fcz listelenmemi\u015f olabilir.<\/p>\n<h3>5. \u0130\u00e7erik ve Aciliyet Tuzaklar\u0131na Dikkat<\/h3>\n<p>Dil bilgisi hatalar\u0131, garip ifadeler, ki\u015fiselle\u015ftirilmemi\u015f hitaplar (&#8220;Say\u0131n M\u00fc\u015fteri&#8221;) ve \u00f6zellikle <strong>aciliyet bask\u0131s\u0131<\/strong> (&#8220;24 saat i\u00e7inde do\u011frulamazsan\u0131z hesab\u0131n\u0131z silinecek&#8221;) klasik oltalama i\u015faretleridir. Hi\u00e7bir ciddi kurum sizden e-posta ba\u011flant\u0131s\u0131yla parola veya kart bilgisi girmenizi istemez.<\/p>\n<h2>Oltalamadan Nas\u0131l Korunulur? (Bireysel)<\/h2>\n<ul>\n<li><strong>Ba\u011flant\u0131ya t\u0131klamak yerine adresi elle yaz\u0131n.<\/strong> Bankan\u0131z\u0131n sitesine gitmek i\u00e7in e-postadaki ba\u011flant\u0131y\u0131 de\u011fil, adres \u00e7ubu\u011funa kendiniz yazd\u0131\u011f\u0131n\u0131z resmi adresi kullan\u0131n.<\/li>\n<li><strong>\u0130ki ad\u0131ml\u0131 do\u011frulama (2FA) kullan\u0131n.<\/strong> Paroleniz \u00e7al\u0131nsa bile, ikinci fakt\u00f6r (SMS\/uygulama kodu) olmadan hesab\u0131n\u0131za girilemez.<\/li>\n<li><strong>Parola y\u00f6neticisi kullan\u0131n.<\/strong> Parola y\u00f6neticileri yaln\u0131zca do\u011fru alan ad\u0131nda otomatik doldurma yapar; sahte sitede doldurmamas\u0131 ba\u015fl\u0131 ba\u015f\u0131na bir uyar\u0131d\u0131r.<\/li>\n<li><strong>\u015e\u00fcphede t\u0131klamay\u0131n, do\u011frulay\u0131n.<\/strong> Kurumu resmi telefonundan aray\u0131n; mesajdaki numaray\u0131 de\u011fil.<\/li>\n<li><strong>\u015e\u00fcpheli adresi \u00f6nce kontrol edin.<\/strong> <a href=\"https:\/\/secradar.net\/tehdit-kontrolu\">Tehdit Kontrol\u00fc<\/a> ve <a href=\"https:\/\/secradar.net\/whois-sorgulama\">WHOIS<\/a> ile h\u0131zl\u0131 bir kontrol \u00e7o\u011fu tuza\u011f\u0131 erkenden a\u00e7\u0131\u011fa \u00e7\u0131kar\u0131r.<\/li>\n<\/ul>\n<h2>Markan\u0131z Taklit Edilirse: Kurumsal Korunma<\/h2>\n<p>Oltalama yaln\u0131zca bireyleri de\u011fil, <strong>taklit edilen kurumlar\u0131<\/strong> da hedef al\u0131r: m\u00fc\u015fterileriniz sizin ad\u0131n\u0131za doland\u0131r\u0131l\u0131r, marka g\u00fcveniniz zarar g\u00f6r\u00fcr. Kurumsal olarak alabilece\u011finiz \u00f6nlemler:<\/p>\n<ul>\n<li><strong>E-posta kimlik do\u011frulamas\u0131 kurun.<\/strong> SPF, DKIM ve DMARC kay\u0131tlar\u0131, sald\u0131rganlar\u0131n sizin alan ad\u0131n\u0131zdan sahte e-posta g\u00f6ndermesini zorla\u015ft\u0131r\u0131r. Bu konuyu <a href=\"https:\/\/secradar.net\/blog\/spf-dkim-dmarc-eposta-guvenligi\">SPF, DKIM ve DMARC rehberimizde<\/a> anlatt\u0131k.<\/li>\n<li><strong>Sertifika d\u00fczenlemelerini izleyin.<\/strong> Markan\u0131za benzer alan adlar\u0131 i\u00e7in al\u0131nan SSL sertifikalar\u0131, kurulmakta olan bir phishing altyap\u0131s\u0131n\u0131n habercisi olabilir. Certificate Transparency loglar\u0131yla bunu nas\u0131l yakalayaca\u011f\u0131n\u0131z\u0131 <a href=\"https:\/\/secradar.net\/blog\/certificate-transparency-subdomain-kesfi\">CT ve subdomain ke\u015ffi<\/a> yaz\u0131m\u0131zda ele ald\u0131k.<\/li>\n<li><strong>Benzer (typosquat) alan adlar\u0131n\u0131 takip edin.<\/strong> Markan\u0131z\u0131n yayg\u0131n yanl\u0131\u015f yaz\u0131mlar\u0131n\u0131 ve farkl\u0131 uzant\u0131lar\u0131n\u0131 periyodik kontrol edin; gerekiyorsa savunma ama\u00e7l\u0131 tescil edin.<\/li>\n<li><strong>G\u00fcvenlik ba\u015fl\u0131klar\u0131n\u0131z\u0131 s\u0131k\u0131la\u015ft\u0131r\u0131n.<\/strong> Do\u011fru yap\u0131land\u0131r\u0131lm\u0131\u015f <a href=\"https:\/\/secradar.net\/blog\/http-guvenlik-basliklari-rehberi\">HTTP g\u00fcvenlik ba\u015fl\u0131klar\u0131<\/a>, sitenizin k\u00f6t\u00fcye kullan\u0131lma ve i\u00e7erik enjeksiyonu riskini azalt\u0131r.<\/li>\n<li><strong>S\u00fcrekli izleyin.<\/strong> SSL, DNS, itibar ve sertifika de\u011fi\u015fikliklerini tek panelden izleyerek bir sorunu m\u00fc\u015fterilerinizden \u00f6nce fark edin.<\/li>\n<\/ul>\n<h2>Oltalamaya Maruz Kald\u0131ysan\u0131z Ne Yapmal\u0131s\u0131n\u0131z?<\/h2>\n<ol>\n<li>Bilgilerinizi girdiyseniz <strong>parolan\u0131z\u0131 hemen de\u011fi\u015ftirin<\/strong>; ayn\u0131 parolay\u0131 kulland\u0131\u011f\u0131n\u0131z di\u011fer hesaplarda da.<\/li>\n<li>Kart bilgisi verdiyseniz <strong>bankan\u0131z\u0131 aray\u0131p kart\u0131 bloke ettirin.<\/strong><\/li>\n<li>M\u00fcmk\u00fcn olan her hesapta <strong>iki ad\u0131ml\u0131 do\u011frulamay\u0131 a\u00e7\u0131n.<\/strong><\/li>\n<li>Olay\u0131 ilgili kuruma ve gerekiyorsa adli makamlara bildirin.<\/li>\n<li>Kendi siteniz taklit veya ele ge\u00e7irildiyse, zararl\u0131 i\u00e7eri\u011fi temizleyip Google Search Console \u00fczerinden yeniden de\u011ferlendirme talep edin.<\/li>\n<\/ol>\n<h2>\u00d6zetle<\/h2>\n<p>Oltalama, teknik bir a\u00e7\u0131ktan \u00e7ok <strong>insan psikolojisini<\/strong> hedef al\u0131r: aciliyet, korku ve g\u00fcven taklidi. En iyi savunma, \u015f\u00fcpheci bir refleks ve birka\u00e7 saniyelik kontrold\u00fcr. Bir ba\u011flant\u0131y\u0131 t\u0131klamadan \u00f6nce alan ad\u0131n\u0131 dikkatle okuyun, ya\u015f\u0131n\u0131 ve itibar\u0131n\u0131 sorgulay\u0131n; kurum olarak ise markan\u0131z\u0131 taklit edenleri s\u00fcrekli izleyin.<\/p>\n<p>\u015e\u00fcpheli adresleri <a href=\"https:\/\/secradar.net\/tehdit-kontrolu\">Tehdit Kontrol\u00fc<\/a>, <a href=\"https:\/\/secradar.net\/whois-sorgulama\">WHOIS Sorgulama<\/a> ve <a href=\"https:\/\/secradar.net\/ssl-sorgulama\">SSL Sorgulama<\/a> ara\u00e7lar\u0131m\u0131zla saniyeler i\u00e7inde de\u011ferlendirebilirsiniz. Kurumsal alan ad\u0131 ve g\u00fcvenlik hizmetleri i\u00e7in <a href=\"https:\/\/www.ihs.com.tr\/\" target=\"_blank\" rel=\"noopener\">\u0130HS Telekom<\/a>&#8216;u inceleyebilirsiniz.<\/p>\n<div style=\"background:#eef2ff;border:1px solid #c7d2fe;border-radius:12px;padding:16px;margin-top:24px\"><b>\u015e\u00fcpheli ba\u011flant\u0131lar\u0131 t\u0131klamadan \u00f6nce kontrol edin.<\/b> <a href=\"https:\/\/secradar.net\/register\">SecRadar&#8217;a \u00fccretsiz \u00fcye olun<\/a>; kendi alan ad\u0131n\u0131z\u0131n itibar\u0131n\u0131, SSL&#8217;ini ve DNS&#8217;ini s\u00fcrekli izleyin, markan\u0131z taklit edildi\u011finde veya bir tehdit listesine girdi\u011finizde Telegram ya da e-posta ile an\u0131nda uyar\u0131 al\u0131n.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Oltalama (phishing), sald\u0131rganlar\u0131n g\u00fcvenilir bir kurumu (banka, kargo firmas\u0131, e-posta sa\u011flay\u0131c\u0131s\u0131, kamu kurumu) taklit ederek sizi kand\u0131rmaya ve giri\u015f bilgilerinizi, kart numaran\u0131z\u0131 veya ki\u015fisel verilerinizi \u00e7almaya \u00e7al\u0131\u015ft\u0131\u011f\u0131 bir doland\u0131r\u0131c\u0131l\u0131k y\u00f6ntemidir. Ad\u0131 &#8220;bal\u0131k avlamak&#8221; (fishing) s\u00f6zc\u00fc\u011f\u00fcnden gelir: sald\u0131rgan bir yem (sahte e-posta veya mesaj) atar, kurban\u0131n oltaya gelmesini bekler. Bu yaz\u0131da oltalaman\u0131n ne oldu\u011funu, sahte bir &#8230; <a title=\"Oltalama (Phishing) Nedir? Nas\u0131l Anla\u015f\u0131l\u0131r ve Korunulur?\" class=\"read-more\" href=\"https:\/\/secradar.net\/blog\/oltalama-phishing-nedir-korunma\/\" aria-label=\"Read more about Oltalama (Phishing) Nedir? Nas\u0131l Anla\u015f\u0131l\u0131r ve Korunulur?\">Devam\u0131n\u0131 oku<\/a><\/p>\n","protected":false},"author":0,"featured_media":62,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-63","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-guvenlik"],"_links":{"self":[{"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/posts\/63","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/comments?post=63"}],"version-history":[{"count":0,"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/posts\/63\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/media\/62"}],"wp:attachment":[{"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/media?parent=63"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/categories?post=63"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/tags?post=63"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}