Brad Pitt was put in by ourselves - social engineering

I was bitten by a snake once, and I was afraid of grass ropes for ten years.

Now it is a series of stolen accounts, a lifelong primitive.

After my Evernote was stolen, it was checked by multiple parties, plus actions such as changing my password. The short-term evaluation should not be caused by the browser being invaded and the computer being opened with a back door, but I have no trust in him in a short time, because if there is a way to search for keywords at the bottom, then the account password. . . Logically, it can also be found.

Social engineering, social engineering, in a broad sense, is any use of human nature to obtain confidential information, and there are many things that can be done in the future. So there was a well-known social engineering case in ancient times, that is, the handsome Brad Pitt was accidentally put into the city of Troy and swayed around . It is also because of such an allusion that a famous social engineering virus, commonly known as the Trojan horse, appeared at the beginning of Internet dial-up and broadband. Many people accidentally click on the link of a letter sent by a friend, or download a puzzle with P2P software and win the bid. The minor situation is that the computer slows down, the program is opened abnormally, and the serious situation is that the track of your keyboard input is recorded, or the files in the computer are missing.

How did early social engineering work?

Most of the early social engineering methods are more physical, such as throwing a flash drive on the floor, and then sticking "final exam questions", "candid video out", "company financial report" and so on, and then let the people who find it work very hard He refrained from connecting him to the computer , only to find that there was nothing at that moment, but he did not notice that his computer had already won the lottery. In fact, many companies have implemented anti-blocking measures against such social engineering methods. The most direct way is to lock the USB PORT of employees. Only USB devices authorized by the company can be used. This is to prevent employees from mistakenly putting the poisoned USB into the computer. , resulting in the company's security situation.

The other one is still in use. . . It's called Vishing, or phone (voice) fraud, and it's probably the most well-known. . Mom, I was kidnapped! | I am that little beauty! Don't you remember me? ｜I need money urgently after a car accident, can you transfer 5,000 to me? |Wait blah blah. As for friends who have experienced the era of 0204, that should not be regarded as social engineering, but only a voluntary act that does not match the picture and text 🤣🤣🤣

Why is social engineering so hard to prevent today?

Technology has been upgraded! ! !

Now that the USB flash drive is no longer available, any USB-powered electrical appliance can invade your computer, as long as the chip loaded with the program is installed in the electrical appliance, and when we connect the computer to charge, we can directly Capture our lens (the point is that the lens light can be off when it starts up 😱😱😱, so my habit of using any computer is to stick the lens with paper tape. So there may be terrible social engineering behind the kindness of sending you a USB fan ,for reference only.

 For friends who are using Outlook, in recent years, there are three requirements for information security audits to turn off the email preview function, read in plain text, and turn off automatic download of pictures.

Of course, the preview letter is for when you receive a letter from an annoying colleague, look at the content and the other party won't know ! With the advancement of Outlook technology, the way of intrusion has also improved. Now any malicious attack does not need to click on the link or attract you to click on the attachment, because the intrusion code can be directly embedded in the preview EDM. In the picture, when you preview the picture, you have already won the prize! ! ! So friends who are using Outlook, be sure to change these three items to the default settings. As for the network and the mobile mailbox, due to the different mechanisms, it will be fine if you don't open the attachment.

URLs can be faked! ! !

I definitely did not imply that every day you would pass free stickers links to your relatives and friends. There is no free lunch in the world. If you want free stickers, go to the free section of the sticker store and find them.

1. The URL is fundamentally wrong. This is included in any website you are familiar with. must. want. Exactly. Check if the URL is correct. And now the google ranking is very good, the first place is not necessarily the genuine website, sometimes the ranking of the pirated website is on the genuine website. The cost is double. . . At present, there are also many fake platforms for currency exchange and websites with fake currency values on the blockchain.

Second, the current short URL website can modify the preview image and title! ! ! That is to say, whether it is LINE, DISCORD, FB and other communication software, the preview image and title of the link, as long as it does not feel like the behavior of ordinary friends, don't click! ! ! The most famous cases in the near future should be Tongshenduan Hotpot and Sister Bingbing. . .

With the advancement of technology, people's trading habits and company data are hidden behind the data exchange. Therefore, the prevention of social engineering has also led to the rise of a wave of information security equipment, including cold wallets for virtual currency, physical wallets to prevent credit card theft, HP has also launched a printer with a firewall, and even photographed a series of HP Wolf Security to remind the seriousness of social engineering, I hope you don't encounter it, and you should be more careful when using it on the Internet.

 The key to successful social engineering is to use some of the characteristics of human nature to be kind, curious, cheap, and greedy. No matter how you use it, even if you are familiar with the user interface, you still have to stop, watch, and listen every time you use it.