What human weaknesses does social engineering exploit?
Social engineering is the practice of exploiting human weaknesses to obtain valuable information; it is an art of deception.
Social engineering is a method of pursuing one's own interests by deceiving and harming a victim through psychological traps that play on the victim's psychological weaknesses, instinctive responses, curiosity, trust, and greed.
Here is a case.
A social engineer took a job at a company. Relying on a feigned cheerful and lively character, he quickly mingled with the staff and became familiar with the boss.
He soon gained the recognition of the company and won the trust of the employees and the boss.
Chen Ming is the company's supervisor, and he is the engineer's target. After a short period of interpersonal contact, the engineer succeeded in gaining Chen Ming's trust.
The company's business secrets are on the boss's computer, which needs a password to open, and the password is known only to Chen Ming and the boss.
One day, just after Chen Ming had turned on his computer, he received a message from the engineer: “Chen Ming, the boss sent me a
Because Chen Ming and the engineer knew each other well, Chen Ming sent the password to the engineer.
The engineer succeeded in getting the password and entered the company's computer to obtain business secrets.
This is an extremely simple case of social engineering, and it is also the method engineers use most widely. The principle is roughly as follows.
The social engineer first builds, through various means, a favorable image for the identity he plays, and is accepted by the company and colleagues.
In this way, the social engineer gains a strong interpersonal advantage and earns people's trust. The social engineer can then be given many permissions in the company to carry out his plans, for example access to office areas or confidential areas that should not be allowed.
The first attack is a method of creating false scenarios in order to force the target victim to reveal information that they would not normally want to divulge. The method usually involves studying the terminology of the particular scenario beforehand in order to build a plausible illusion.
Here is a case to make this easier to understand.
Goal of the attack: obtain the cell phone number, name, address, and ID card of a person of the opposite sex.
First, a social engineer masquerading as a mobile business hall attendant picks a target: a person of the opposite sex who has been charged incorrectly.
Lady: “My phone bill is over a hundred, but I have hardly made any calls. How was I charged so much?”
Engineer: “May I ask what your phone number is?”
Lady: “That's impossible, how could I have lost so much money for no reason?”
Engineer: “Don't be nervous, I'll take another look for you.” “Madam, you've been invaded by a Trojan horse.”
Lady: “What should we do then?”
Engineer: “Don't panic, it's our responsibility to help our customers get back to normal.” “We may need some information from you.” “Do you have your ID card with you?”
Lady: “I'm sorry, I'm not sure if I'm going to be able to help you.”
Engineer: “Is your home far away from here?”
Lady: “Not far, it's probably in **** that place.”
Engineer: “Then I may need to trouble you to fetch your ID card from home, because there is some information here that needs to be filled in.”
Lady: “OK, is it done after filling that in?”
When she comes back with the ID card, all of the information is known to the engineer.
This is a simple case of faked trust. The idea is roughly as follows.
First, go along with her request and get the phone number; then use the Trojan horse story to make the other party nervous, at which point she accepts your help.
It is then easy to draw out the hard-to-get information, and once she brings the ID card, all of the information is right in front of the engineer's eyes.
Next, some points that need attention in ordinary practice:
1. Opportunity always goes to the prepared. Before doing anything, prepare in advance and be psychologically ready for what may happen.
2. Make more use of a person's subconscious and emotions, and observe their micro-expressions, to advance the plan.
3. Communication is something that cannot be avoided in social engineering work. Learning some of the art of communication can make us better social engineers.
4. Don't expose your true self; it makes it easy for others to see your weaknesses, which can lead to information leaking.
5. Keep your outward appearance under control: even if you are panicking inside, do not let it show.
8. Accumulate experience from everyday life, and learn to use anything around you that may become your tool.
What are the typical attacks of social engineering?
The typical attacks of social engineering are as follows:
1. Phishing attacks: phishing, a kind of online fraud, mainly exploits people's psychology to carry out fraud. For example, attackers use deceptive emails or fake websites, and the victims often disclose personal private information, such as credit card numbers, accounts and passwords, at the other party's inducement.
In recent years, frauds that imitate major banks' homepages and are carried out through malicious websites have occurred frequently. Phishing is an attack based on human greed and on people's readiness to trust.
Common phishing attacks include attacks using fake emails, attacks using fake websites, attacks using instant messaging tools such as QQ and WeChat, attacks using hacker Trojans, attacks using system vulnerabilities, and attacks using mobile communication devices.
2. Password psychology attacks: password psychology starts from people's psychology, analyzing the other party's psychological state and changes in order to obtain the required password faster. It uses psychological tactics rather than technical cracking methods. Common password psychology attacks are: guessing passwords based on the target's birthday or birth date; on the user's mobile phone number or local area code; on the user's ID number; on the user's name or the names of friends and relatives; on the default passwords used by some web servers; and on commonly used passwords such as “1234567” and “abc123”.
3. Sensitive information collection attacks: the attacker can collect information about the target on QQ, WeChat, blogs and other communication platforms, then organize and analyze it as reference and basis for carrying out the attack.
Common means of collecting sensitive information are: collecting target information and data through search engines; through reconnaissance and surveys; through phishing; and through flaws in the management of enterprise personnel.
4. Intimidation attacks: when carrying out a social engineering attack, attackers often exploit the sensitivity of the target's management personnel to security, vulnerabilities, viruses and similar matters. They appear in the guise of an authority, spread security warnings, system risk notices and similar news, and use alarmist tactics to intimidate and deceive the target. They claim that failing to handle the problem their way will cause very serious harm and loss, and in this way obtain sensitive information.
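The password categories listed under item 2 can be turned into a check at password-change time. The following is an added example, not part of the original article: it rejects a new password that is a common or default password or that contains the user's birthday, phone number, ID number or a known name. The profile schema, the word lists and the sample profile are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample lists; a real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"1234567", "abc123", "123456", "password", "qwerty"}
DEFAULT_PASSWORDS = {"admin", "root", "changeme", "default"}
MIN_TOKEN_LEN = 4  # shorter fragments would flag too many unrelated passwords

def _norm(text):
    """Lowercase and drop separators so 'Chen.Ming' and 'chenming' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def personal_tokens(profile):
    """Map each category from the list to guessable strings (hypothetical profile schema)."""
    tokens = {}
    if profile.get("birthday"):
        fmts = ("%Y%m%d", "%y%m%d", "%m%d%Y", "%d%m%Y", "%m%d")
        tokens["birthday"] = {profile["birthday"].strftime(f) for f in fmts}
    for key in ("phone", "id_number"):
        digits = re.sub(r"\D", "", profile.get(key, ""))
        if digits:
            tokens[key] = {digits, digits[-6:]}  # full number and its tail
    names = set()
    for name in profile.get("names", []):  # the user plus friends and relatives
        names.add(_norm(name))
        names.update(_norm(part) for part in name.split())
    tokens["name"] = names
    return {cat: {t for t in toks if len(t) >= MIN_TOKEN_LEN}
            for cat, toks in tokens.items()}

def weak_reasons(password, profile):
    """Return the categories that make this password guessable; empty means none found."""
    pw = _norm(password)
    reasons = []
    if password.lower() in COMMON_PASSWORDS or pw in COMMON_PASSWORDS:
        reasons.append("common")
    if password.lower() in DEFAULT_PASSWORDS:
        reasons.append("default")
    for category, toks in personal_tokens(profile).items():
        if any(tok in pw for tok in toks):
            reasons.append(category)
    return reasons

# Constructed profile for illustration only
SAMPLE_PROFILE = {
    "names": ["Chen Ming"],
    "birthday": date(1990, 3, 12),
    "phone": "15550104477",
    "id_number": "000000199003120000",
}
```

A password is accepted only when `weak_reasons` returns an empty list; area codes are not checked because fragments shorter than four characters are dropped.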