The internet has experienced a lot of breaches since its inception, and almost all of them can be attributed to one vulnerability, human error. That’s right; we are a vulnerability waiting to be exploited. Cybercriminals exploit this vulnerability using only one attack; Social engineering. This technique involves manipulations based on trust to trick and fool an individual into giving out confidential and sensitive information. Most of the time, an attacker uses the little-known information to gain your trust.
網路犯罪分子如何進行社會工程
即使不涉及互聯網,也可以通過多種方式進行社會工程。以下是攻擊者執行此技術的主要方式;
- Phishing – This is the most common and most successful form of social engineering. When phishing, cybercriminals tend to acquire confidential information by either using emails and then directing an individual to a spoofed site. Most of the email won’t look suspicious. Phishing can be done in various forms including spear phishing and vishing. Spear phishing targets a specific individual or company. Vishing is phishing but through a phone call. Vishing is also common, and at the end, tricked individuals may end up revealing information such as their social security numbers.
- 藉口—— 這是一種主要使用謊言來獲得信任的技術,然後獲取可用於確認身份的資訊。攻擊者在使用這種技術時甚至可能會喚起同理心。例如,攻擊者可能會假裝他們需要説明支付醫院帳單。一旦您做出貢獻,他們就會獲得您的資訊。
- 交換條件 – 這種方法涉及給予一些東西以獲得一些東西。如果您熱衷於互聯網,您可能會遇到一些廣告,告訴您贏得了 PS4,但要接收您的物品,您需要輸入一些資訊,例如您的電話號碼、社會安全號碼和其他敏感資訊。
- Baiting – In this technique, cybercriminals entice an individual by commonly providing a free service. For instance, attackers may host free software, games, movies, music, and other files but with a malware hidden within. When a user downloads any of the files, they will trigger the malware and their system will be infected.
避免社會工程攻擊
網路安全意識
This involves understanding security and privacy risks, mitigation, and prevention. Once you are equipped with this knowledge, you will know how to deal with phishing, baiting, and other social engineering attacks.
小心你信任的人
在互聯網上提供較少的個人詳細資訊,尤其是在填寫在線公司表格時。如今,攻擊者已經完善了冒充公司電子郵件和其他需要敏感資訊的機構的藝術。此外,在社交媒體帳戶上發佈不太敏感的資訊。
使用雙因素身份驗證 (2FA)
Besides using strong passwords, ensure you have implemented 2FA in your sensitive accounts. This minimizes the risk of your data getting into wrong hands even after they somehow manage to get your password. Also, avoid using the same password in all your accounts.
使用生物識別身份驗證
This is helpful when 2FA is not available especially when financial transactions are involved. Biometrics such as fingerprints can greatly help in reducing fraud by curbing identity theft. Take advantage of this form of authentication if it’s available.
Use a VPN
By providing security and privacy, a VPN can help reduce and even mitigate social engineering attacks before they occur. When using a VPN, your information won’t be intercepted by prying eyes and also some VPN offer features that enhance your cyber security. Additionally, when using a VPN, you leave a minimal trail of data that even when traced, attackers will end up at the VPN’s doorstep.