Depth: An Exploration of social engineering attacks (II)

Depth: An Exploration of social engineering attacks (I) http://www.bkjia.com/Article/201312/262946.html
In other words, we have not only learned the basic information of the target but also obtained the target IP address. This certainly cannot satisfy the curiosity of hackers. attackers will further obtain sensitive information through the keyboard recorder or remote control software. For example, I carefully prepared a Word file and a malicious exe program. We use Winrar to create a self-extracting file:

We decompress the malware to C: \ ProgramData \ Microsoft

Add and decompress the package and run:

The remaining steps are as follows:

Don't forget to find a Word icon

 

The SFX settings are completed. Check the settings.

Everything is okay, and now we can generate our malicious documents: Now attackers can induce targets by email or other means. Defense of social engineering
Yes, only you can defend against social engineering attacks! Never reveal anything that seems insignificant to you and your company by Using Insecure means (by phone, online, or chatting. If sensitive information is involved, verify the identity of the other party. The real IT department and your financial service provider will not ask your password or other confidential information. Use different passwords for different websites and password services to ensure that your passwords are powerful and complex. Experience after the Buba Translation: This article is very limited and the methods provided are not detailed enough. I have cut out a lot of unnecessary words. please be sure to let me know if there is anything wrong. Via: infosecinstitute has a delete section