What is social work ？

social engineering , A psychological weakness against the victim , Set a trap to cheat , And then gain their own interests .

Chinese translation means ： Deception , Take advantage of human weakness , To fool you 、 Cheat you 、 Get your private information and personal property . A lot of times , Put a user name 、 A picture 、 A string of words , Through social engineering means to be screened, sorted out and investigated , You can master all your personal information , Including family status 、 Hobby 、 Traces left on the Internet, etc .

Social engineering can be regarded as a knowledge in the field of network security , It reminds everyone to pay attention to personal information security protection in the network .

Common social engineering attacks are ：

• The attacker sends an email to the victim , And pretend to be the victim's contact . The email contains suspicious links , If the victim clicks on the link , Will execute the malicious script injected by the attacker , Or redirect the victim to a malicious site .

• The attacker posed as a friend of the victim , Send malicious links to victims , These phishing links may steal the victim's account password or contain malicious attack instructions .

• The attacker claimed to be a wealthy Celebrity , Need a bank account to transfer their wealth , Therefore, they are willing to offer generous remuneration in exchange for the victim's account information . actually , The attacker was trying to steal money from the victim's account .

Will you get caught ？

Look at the following two cases , Will you get caught ？

Case study 1： A little Zhang who covets gifts

Xiao Zhang goes out to a party with his friends , I heard an old man shouting ：“ Scan the yard to get the gift ！” Xiao Zhang's heart wandered for a moment , Take out a cellular phone , I scanned the... Provided by the old man with wechat QR code . After scanning , There is such a Risk warning .

Xiao Zhang has some doubts , But under the old man's persuasion , Or use the browser to scan the code Download a software , Ignoring the possibility that the mobile phone pops up Virus warning . After installing the software , The old man asked Xiao Zhang to register an account , When you see that you need to enter ID number 、 Bank card number And other sensitive information , My friend decisively pulled Xiao Zhang away , And let him uninstall the software . My friend thought to himself ：“ Fortunately, I am witty , Xiao Zhang was almost cheated out of his privacy information .” But behind them , The old man smiled mysteriously .

original , Even if Xiao Zhang doesn't input personal privacy information into the software , Prevent the direct disclosure of information , But the downloaded malware has used hidden Trojans , Put... In Xiao Zhang's mobile phone Mail list 、 Photo album 、 Memorandum Such information is uploaded to the master's server .

I can ：

• Through the contact information in the address book , Send social worker text messages to Xiao Zhang's relatives and friends , Such as borrowing money in the name of Xiao Zhang 、 Said Xiao Zhang had a car accident and needed to transfer money, etc , To defraud money .
• Browse Xiao Zhang's photo album , Threatening the privacy of the photos , Blackmail Xiao Zhang .
• Xiao Zhang even put the passwords of various accounts 、 The bank card number, etc. are recorded in the memo , The old man easily stole his social account and bank account .

Case study 2： Careless former agent Xiao Gan

Xiao Gan is a former agent , I retired because of my careless character , They are arranged to provide for the aged in the ancient capital Xi'an . He once offended an organization in his mission , The leader specially told Xiao Gan ：“ You have to hide your name 、 Low key personhood , Never expose your whereabouts .” But the careless little Gan didn't take it to heart , One day he was in QQ The space released such a statement

According to this article, an organization says , Immediately analyzed the position of Xiao Gan .

The big wild goose pagoda is located in 3 Line and 4 The intersection of line No , From the big wild goose pagoda 7 There are two departure stations of the station , Namely 2 Weiqunan and... Of line 3 Yuhua village of line . Xiao Gan made a transfer while taking the subway , So he started from weiqunan station . Take Weiqu South Railway Station as the center 、 Draw a circle for the radius of 800 meters , The only residential area in Yuanli is Langqiao international city .

That's it , Xiao Gan revealed his address .

To prevent social workers 19 Secret script

How to prevent social engineering attacks ？ The following 19 This secret script may help you .

1、 Important websites /APP Your password should be independent , It's not easy to guess .

2、 Personal computers should be patched frequently , Xiaobian recommends Tencent housekeeper or Baidu guard .

3、 Use IE Browsers should be cautious , Small make up recommend Firefox or Chrome browser .

4、 Support genuine , Include Windows、Office etc. , Because of piracy 、 The cracked version is more likely to have a back door .

5、 Less trusted software , Can be installed in a virtual machine .

6、 Do not escape from prison or root, It is recommended to purchase and install genuine APP .

7、 Don't in public （ Such as airport 、 Cafes, etc ） Use free wireless , Of course, you can use public wireless to do something without privacy , Such as reading novels .

8、 Own wireless AP, Use secure encryption （ Such as WPA2）, The password should be as complicated as possible .

9、 When entering a password anywhere , Pay attention to the surrounding environment , Especially the camera in the corner .

10、 Don't enter passwords on unfamiliar computers , If you enter , Remember to clear the records .

11、 When leaving the computer , Press Win+L Keylock screen .

12、 If you are important , Remember to give BIOS encryption 、 Encrypt hard disk 、 Put key documents in TrueCrypt in 、 Email with PGP encryption .

13、 When staying in a hotel and leaving a room , Remember to turn it off , Lock the computer in the safe .

14、 Meet relatives and friends in QQ、 I borrowed money from you on wechat , It's better to confirm by phone , The person on the other end of the network is not necessarily the person you think .

15、 Even if it's “ official ” SMS is not necessarily 100% trusted , Because the base station can be forged .

16、 Don't believe “ pennies from heaven ” What happened .

17、 It is more recommended to use password or fingerprint on the lock screen of the mobile phone , Graphic passwords are easy to spot .

18、 Don't easily put your name 、 Telephone 、 Email and other information to strangers , False names can be used on many occasions .

19、 The ultimate defense move ： Don't be greedy for cheap 、 Don't mess around .

this 19 This script is easy to say , It's hard to do it completely . that , You just need to remember one ： Only oneself can be trusted , Just 99% Will not be cheated ！

Reference link ：

http://ncc.hust.edu.cn/info/1121/1883.htm

http://daily.zhihu.com/story/3033743