Characteristics of social engineering aggression

Social engineering in the network society is directly used in the performance of the attack

Social engineering in the network society is directly used in the performance of the attack are human nature-style attacks, man-in-the-middle attacks and so on.

1, human nature type attack

such as phishing attacks, social engineering attacks, these attacks, the technical content is often very low, targeting is human nature. A bit of liar attack flavor. Famous hacker Fitnick, with this attack as a specialty.

2, man-in-the-middle attacks

All kinds of network attacks, together almost all man-in-the-middle attacks, for the simple reason that any communication between the two sides of the threat of third-party attacks. For example, sniffer attacks, this attack can be said to be the most commonly used network attacks, derived from this, ARP spoofing, DNS spoofing, small to Trojan horse to DLL hijacking and other techniques for dissemination, almost all in the use of man-in-the-middle attacks.

Origin of social engineering:

Social engineering is hacker Mitnick in the “Art of Deception” proposed, its initial purpose is to allow Internet users around the world can understand network security, vigilance, to prevent unnecessary personal losses. However, hackers in our country are still using their means to deceive ignorant netizens to create illegal behaviors, which has a bad social impact and has been severely cracked down by the public security organs. All through various channels to disseminate, spread, teach hacking technology behavior constitute the crime of teaching criminal methods.

After years of application development, social engineering has gradually produced sub-disciplines, such as public security social engineering (referred to as public security social engineering) and network social engineering. According to Yu Xingchen published to the Ministry of Public Security core journal “Police Technology” in 2014, Issue 2, “public security social engineering in network tracking” literature content, put forward the concept of public security social engineering.

Reference: Baidu Encyclopedia – The Art of Deception

What basic natural human tendencies does social engineering take advantage of in order to attack?

Social engineering is the act of exploiting basic natural human tendencies so as to deceive, confuse, or violate the security of others’ information. Social engineers generally utilize the following basic natural tendencies in their attacks:

1. Greed: Using phishing emails or false information about prizes and offers to lure users into clicking on malicious links or providing personal information.

2. Social Responsibility: Using fake charities or reputations of concern for good causes to trick people into donating or giving personal information.

3. Curiosity: Utilizing seductive content such as emotional pornography and hunting to attract people to click on links or download files, thus breeding malware or carrying out cyber attacks.

4. Trustworthiness: Gaining users’ trust through false certificates, disguising identities, and posing as organizations or businesses to commit cyber attacks or data theft.

In short, social engineers attack with the help of basic human natural tendencies, and need to improve users’ information security awareness and preventive capabilities, and be wary of cyber behavior from unknown sources, unknown identities, and untrustworthy messages.

Social engineering in the network society is directly used to attack the performance of

1, acquaintances are good to talk

Social engineers first through a variety of means (including camouflage) to become frequently contacted classmates, colleagues, close friends, etc., and then, gradually, this identity he disguised, recognized by other colleagues in the company, so that the social engineer will often visit the company, and ultimately won the the trust of anyone.

2. Fake similar information background

When one starts to come into contact with people who seem to be familiar with the inner workings of the organization in which they work, and who have some undisclosed information, it is easy to take them as one of your own.

3, disguised as a newcomer to penetrate the internal

If you want to be very sure of access to certain confidential information, social engineers can also disguise themselves as a stranger who comes to apply for a job, so that they can become the company’s “own people”.

4, the use of interview opportunities

Likewise, a lot of important information, often in the interview in the exchange of leaks out, proficient in social engineering hackers will seize this and take advantage of the need to get this information and dedicated to a day of work, you can participate in interviews, access to some of the company’s important information.

5, no taboo on evil people

The average person generally shows anger and viciousness to people, often choose to avoid them, when they see someone in front of them holding a cell phone and arguing loudly, or swearing angrily and constantly, many people will choose to avoid them, and away from them.

6, he understands me like a roundworm in my belly

An experienced social engineer is adept at reading others’ body language and utilizing it.

7, the beauty plan

The old masters have long mentioned the power of the beauty plan, but, more often than not, most people are unable to resist this trick.

8, foreign monks will read the scriptures

A social engineering attacker often plays as some kind of technical consultant, and while accomplishing some consulting work, they also obtain personal information.

9. Kindness is the epitaph of the good

Social engineers will wait for the opportunity to enter the company right behind the employee they see as their target when they open the door and enter with their own password.

10. Have a technical exchange

When unguarded employees, meet well-prepared and well-disguised hackers, people will mostly be inexperienced in responding to social engineering attacks, and thus divulge to the social engineers any and all confidential information they want.

What are the manifestations of social engineering in cybersociety that are directly used in attacks

Social engineering in cybersociety that are directly used in attacks include:

Phishing: Attackers steal personal information from users or take control of users’ accounts by faking real websites and inducing users to enter sensitive information.

Social engineering: Attackers utilize social media and other channels to obtain personal information about targeted users so that they can conduct targeted attacks.

Malware: Attackers use email, social media, and other channels to send malware to targeted users in order to take control of their computers or steal their data.

Internet fraud: Attackers scam targeted users through phone calls, emails, and other channels to obtain money.

These attacks can be carried out by social engineering means. By obtaining information about the target user, the attacker can obtain higher privileges and more in-depth information, which can lead to more in-depth attacks.