What does social engineering's use of human weaknesses include?
Social engineering is the practice of exploiting human weaknesses to acquire valuable information; it is a kind of art of deception.
Social engineering is a technique of pursuing one's own interests through harmful means such as deception, using psychological traps that exploit the victim's psychological weaknesses, instinctive responses, curiosity, trust, and greed.
Next, a case.
A social engineer took a job at a company and, relying on a feigned cheerful and lively character, quickly mingled with the staff and became well acquainted with the boss.
He soon gained the recognition of the company and its employees, and won the trust of the employees and the boss.
Chen Ming is the supervisor of the company, so he is the engineer's target. Through a short period of interpersonal communication, the engineer succeeded in gaining Chen Ming's trust.
The company's business secrets are on the boss's computer, which needs a password to open, and the password is known only to Chen Ming and the boss.
One day, just after Chen Ming had turned on his computer, he received a message from the engineer: “Chen Ming, the boss sent me a
Because Chen Ming and the engineer were very familiar, Chen Ming sent the password to the engineer.
The engineer succeeded in getting the password and entered the company's computer to obtain the business secrets.
This is an extremely simple case of social engineering, but it is also the method engineers use most widely. The principle is roughly as follows.
Social engineers first disguise themselves, through various means, with a good image for the identity they play, and are recognized by your company and colleagues.
In this way, the social engineer has a greater interpersonal advantage and earns the trust of anyone. The social engineer can then be given many permissions in the company to carry out certain plans of their own, for example access to office areas or confidential areas that should not be allowed.
The first attack is a method of creating false scenarios in order to force the target victim to reveal information that they would not normally want to divulge. The method usually involves studying the terminology of the particular scenario in advance in order to establish a sensible and reasonable illusion.
A case makes this easier to understand.
Target of the attack: obtaining the cell phone number, name, address, and ID card of a person of the opposite sex.
First, a social engineer masquerading as an attendant at a mobile carrier's business hall picks a target: a person of the opposite sex who has been charged incorrectly.
Lady: “My phone bill is obviously more than a hundred. I obviously hardly made any calls, so how could so much money be deducted?”
Engineer: “May I ask what your phone number is?”
Lady: “That's impossible, how could I have lost so much money for no reason?”
Engineer: “Don't be nervous, I'll take another look for you.”
Engineer: “Madam, you've been invaded by a Trojan horse.”
Lady: “What should I do?”
Engineer: “Don't panic, it's our responsibility to help our customers get back to normal.” “We may need some information from you.” “Do you have your ID card with you?”
Lady: “I don't know what to do, but I'm not sure if I can do it.”
Engineer: “Is your home far away from here?”
Lady: “Not far, it's probably in **** that place.”
Engineer: “Then I may need to trouble you to pick up your ID card at home, because there is some information here that needs to be filled in.”
Lady: “OK, is it done after filling it in?”
By the time she comes back with the ID card, all the information is already known to the engineer.
This is a simple case of false trust. The idea is roughly this:
First, go along with her request and get the phone number, then use the Trojan horse story to make the other party nervous, at which point she accepts your help.
It is then just as easy to draw out the hard-to-get information, and once she fetches her ID card, all the information is right in front of the engineer's eyes.
Next, some points that usually need attention.
1. Opportunity is always left to the prepared person. In everything we do, we must prepare in advance and be psychologically ready for the event.
2. Make more use of a person's subconscious mind and emotions, and observe the person's micro-expressions, to promote the implementation of the plan.
3. Communication is something that cannot be avoided in social work. Learning some of the art of communication can make us better social workers.
4. Don't expose your true self; it is easy for others to see your weaknesses, which can lead to leakage of information.
5. Do not let what is in your heart show on the surface; even if you are panicking inside, it must not show.
8. Accumulate knowledge from everything in life; anything around you may become a tool you can use.
Typical social engineering attack methods
Social engineering refers to using knowledge of psychology, sociology, linguistics and other fields, and studying human thinking, behavior, emotions and other factors, to achieve purposes such as deception, misdirection and attack. Social engineering attacks are diverse; the following are some typical ones:
1. Phishing attack: A phishing attack is an attack in which the attacker forges legitimate communications or websites to lure the victim into providing sensitive information. Attackers send forged messages via email, SMS, etc. to lure victims into clicking links or downloading attachments, and implant Trojans or viruses in those links or attachments to obtain the victims' sensitive information.
2. Impersonation attack: Impersonation attack is a type of attack in which the attacker impersonates a legitimate individual or organization in order to gain the victim’s trust and obtain sensitive information. Attackers will impersonate legitimate organizations such as banks and e-commerce platforms, and contact victims by phone or email to trick them into providing personal information such as bank card passwords and account passwords.
3. Threat attack: A threat attack is an attack in which the attacker achieves the goal of the attack by means of intimidation, inducement, coercion, etc. The attacker will threaten to disclose the victim's personal information, or use the victim's sensitive information for extortion, to achieve the purpose of the attack.
4. Snooping attack: A snooping attack is an attack in which the attacker obtains the victim's sensitive information by eavesdropping, stealing, and other means. Attackers install eavesdropping devices, cameras and other equipment in public places, offices and other locations, or use network attacks to gain control of the victim's computer camera, microphone and other devices, so as to snoop on the victim's private information.
In short, the diversity of social engineering attacks makes defense measures more difficult as well. In our daily lives, we need to be more vigilant in protecting our privacy by not divulging personal information so easily.