The internet has experienced a lot of breaches since its inception, and almost all of them can be attributed to one vulnerability, human error. That’s right; we are a vulnerability waiting to be exploited. Cybercriminals exploit this vulnerability using only one attack; Social engineering. This technique involves manipulations based on trust to trick and fool an individual into giving out confidential and sensitive information. Most of the time, an attacker uses the little-known information to gain your trust.
网络犯罪分子如何实施社交工程
网络犯罪分子如何实施社交工程即使不涉及互联网,也可以通过多种方式实施社交工程。以下是攻击者实施这种技术的主要方式;
- Phishing – This is the most common and most successful form of social engineering. When phishing, cybercriminals tend to acquire confidential information by either using emails and then directing an individual to a spoofed site. Most of the email won’t look suspicious. Phishing can be done in various forms including spear phishing and vishing. Spear phishing targets a specific individual or company. Vishing is phishing but through a phone call. Vishing is also common, and at the end, tricked individuals may end up revealing information such as their social security numbers.
- 伪装 -这是一种主要利用谎言获取信任的技术,然后获取可用于确认身份的信息。在使用这种技术时,攻击者甚至会引发同情。例如,攻击者可能会假装需要帮助支付医院账单。一旦你提供了帮助,他们就会掌握你的信息。
- 交换条件--这种方法涉及付出一些东西以获得一些东西。如果你热衷于上网,你可能会看到一些广告,告诉你赢得了 PS4,但要收到物品,你需要输入一些信息,如电话号码、社会保险号和其他敏感信息。
- Baiting – In this technique, cybercriminals entice an individual by commonly providing a free service. For instance, attackers may host free software, games, movies, music, and other files but with a malware hidden within. When a user downloads any of the files, they will trigger the malware and their system will be infected.
避免社交工程攻击
网络安全意识
This involves understanding security and privacy risks, mitigation, and prevention. Once you are equipped with this knowledge, you will know how to deal with phishing, baiting, and other social engineering attacks.
谨慎信任
在互联网上,尤其是在填写在线企业表格时,少提供个人信息。如今,攻击者已经掌握了冒充公司电子邮件和其他需要敏感信息的机构的技巧。此外,在社交媒体账户上少发布敏感信息。
使用双因素身份验证 (2FA)
Besides using strong passwords, ensure you have implemented 2FA in your sensitive accounts. This minimizes the risk of your data getting into wrong hands even after they somehow manage to get your password. Also, avoid using the same password in all your accounts.
使用生物识别身份验证
This is helpful when 2FA is not available especially when financial transactions are involved. Biometrics such as fingerprints can greatly help in reducing fraud by curbing identity theft. Take advantage of this form of authentication if it’s available.
使用 VPN
By providing security and privacy, a VPN can help reduce and even mitigate social engineering attacks before they occur. When using a VPN, your information won’t be intercepted by prying eyes and also some VPN offer features that enhance your cyber security. Additionally, when using a VPN, you leave a minimal trail of data that even when traced, attackers will end up at the VPN’s doorstep.
