
  • 博客訪問:

ZF_Social Engineering

(2022-05-17 08:04:08) 下一個




公司人事部年度網課培訓-隱私信息安全。分享一下如何識別Social Engineering:

You are being rushed (when something is urgent, you tend to throw caution to the wind). 被催促了(人一急,易失誤)
You are asked to bypass procedures or ignore policies (this is a sign that what you're being asked to do may be unethical and risky). 被要求跳過程序(這點表示要你做的事情可能不道德和有風險)
Someone is being overly curious or prying (someone asks for information that they shouldn't have access to, or their questions make you uneasy) 異乎尋常的好奇和窺探(問讓人感到不安的問題)
The person uses confusing jargon or technical-sounding language (don't act if you don't understand) 讓人迷惑的行話或者技術性很強的用語(不明白則不行動)
The offer is too good to be true (if a message says you've won something, be skeptical, especially if you don't remember entering a contest). 聽起來好得不得了 (如何說你贏了什麽,持懷疑態度,尤其你不記得參加過什麽比賽的時候。)
The language or grammar used is a little funny or the tone is off (does the message sound like it really came from its supposed source? Does the greeting use your name or is it general?) 遣詞用句不恰當。

你有遇到過這幾個Social Engineering例子嗎?

A voicemail that says you're under investigation for tax fraud and you must call immediately to prevent arrest or criminal investigation.
A text message from an unknown source. It indicates that if you wire only $10 to an investor, he will make it grow to $10,000 with no addtional effort from you. All you need to provide is your bank account information.
An email from your manager requesting you provide the password for the accounting database. The emal stresses that your manager needs it to make sure everyone is paid on time.
An email from customer support at an online shopping website indicating they need to verify your credit card informaiton to protect your account or it will be suspended. The email contains a link to a website that looks like it belongs to the company.


[ 打印 ]