What is Social Engineering? What Are the Main Methods of Social Engineering?

Do you have questions like these about social engineering?

  • What kinds of techniques are there?
  • What kind of damage is occurring?
  • What happens if I suffer damage?

The term social engineering may not sound familiar, but what about cases of social engineering damage such as "wire fraud" and "phishing scams"? You may get the sense that social engineering is a criminal act aimed at people.

Social Engineering

There are two types of social engineering, one aimed at individuals and the other aimed at companies. In this article, we will cover everything from the basics of what social engineering is to effective measures for individuals and companies. Be sure to take proper measures to prevent criminals from defrauding you of your valuable property.

What is Social Engineering That Threatens Your Sensitive Information?

What is social engineering?

Social engineering is the act of stealing important confidential information such as login information using analog methods, such as snooping or spoofing, instead of stealing it via a network.

Typical examples are snooping on the login screen (shoulder hacking) and searching the garbage for a memo with a password or similar information written on it (trashing).

It is important for many people to be aware that there is a risk of social engineering, as it requires measures that are completely different from technical defense measures, such as the introduction of security software and network monitoring.

Main methods of social engineering

1. Phishing scam

A phishing scam creates a page that looks exactly like the login screen of a bank, credit card company or famous internet service and steals the login information entered there.

Creating a fake login page and getting the victim to enter information into it is a human-targeted attack and is classified as social engineering.

Phishing scams are malicious because they are noticed only after the damage is done (such as withdrawal of deposits without permission), so please also read "What is phishing scams? | Damage, examples, and countermeasures" and take appropriate measures.

2. Wire fraud

There are still many scams that try to trick people close to the target person, such as relatives and people at work, into transferring cash. In the case of wire fraud, the phone is used exclusively as a deception tool, so even people who do not use the Internet are not free from risk.

In particular, the elderly tend to be targeted, and even social engineering aimed at "people" is becoming more sophisticated and malicious, so caution is required.

3. Pose as the police, managers, etc. and ask by phone

Suppose you get a call from the police saying "Your login information has been hacked." What would you do if you were told "Please tell me your ID and password because I want to get confirmation"? It goes without saying that this is spoofing by an attacker, and it also goes without saying what happens if you give out your ID and password.

In addition to the police, attackers also pose as network and service managers and operators when making phone calls.

4. Have the target fill out a form or questionnaire sent by mail

There is also a social engineering method of mailing a document in the form of a confirmation of personal information or a questionnaire and having it filled out. Social engineering characteristically exploits human psychology rather than technology, and the mailed document has the hidden purpose of dispelling the alertness of the recipient.

5. Snoop on another person's monitor screen, etc.

It's very primitive, but it's still rampant. It is also called "shoulder hacking" because it steals information over the shoulder. In addition to snooping on information entered on other people's PCs at work, there are also many cases of watching the hands of people operating smartphones to snoop on unlock passcodes and patterns.

6. Steal information from discarded garbage

If you throw a notepad with confidential information such as a password in the trash can, an attacker may try to find the notepad by going through the discarded trash. This technique is called "trashing" and is often used when targeting a specific organization.

Not only notepaper, but also storage media such as CDs, DVDs, and USB memory are targeted, so security awareness is required when disposing of garbage. Installing advanced antivirus software will keep you safe from being attacked.
