A fight against the swindlers of social engineering

The reason why Kecin, the world's hacker boss, can intrude into the world's famous big companies is not only relying on excellent technologies, but also the intelligent intrusion of the human brain in social engineering. If the current scammers make it easier for others to follow their own science, the consequences are amazing.
I. Discovery

Party A (me ):

One day, I strolled around the Internet, and suddenly a message was sent to QQ. Click here to see the Verification Code: "It's me !". It is a QQ number with more than 10 digits. I can look at my personal data and find that the information of one of my eldest brother is exactly the same. I thought it was his QQ account that had been stolen, and he passed the verification without thinking too much. Sure enough, he came up with the first sentence: My QQ was stolen. Then I said a few words to me, and then I found that this hacker did not take the initiative to tell me so much and it was too slow to send back messages. What happened today? Confused ing suddenly noticed that his IP address and geographic location were not very good. It was a city in the south. This is also the case. It's no big deal for a hacker to get a proxy server. Then he asked him if he used a proxy. He replied, "Yes! Yes! I am surfing the internet at the Agency's place ?". What is this? I began to doubt the authenticity of this Eldest Brother. It wasn't long before he said

"Bro, help me! I was stolen in the ** wallet. I don't have the money to go home. Can you borrow me? I will pay you back .".

It's impossible. I was still chatting with my eldest brother in Qingdao yesterday. How can I go there now. I can assert that this person must be a liar and he is still a half-hanger. Okay. I can play with him.

"How can I help you, say !"

"Can you lend me some money? Remittance to this account *********"

I dare to tell my bank account. If I call the police, he will take the initiative to send the evidence to me.

"Okay, but how can I transfer money? How much ?"

"When you go to the bank and say that you want to remit money, you will be taught. 200 yuan is enough ."

"Oh! $200 ?"

"Follow you !" I am really calm.

"Oh, that would be 200 rubles"

"Ah! You ............ Okay !" Money loss!

"How can I pay back my money !"

"Let's talk about it !"

"Let's have a meal in the beer city." at the end of the Qingdao Beer Festival, the beer city was closed early to reveal flaws.

"Okay, please try again. Please remit the money quickly. Otherwise, how can I go back"

"Well, you will definitely send it to you when you wait '."

N days have passed!

Party B (SB "hacker "):

Note: The following is my analysis of his heart:

One day, I entered the Qingdao yihongke site and found that there were several members of QQ. Search for the webmaster's QQ and learn about him based on his QQ information. After several days, I found that the webmaster only accessed the Internet in the middle of the night. Search for the QQ information (that is, me) of another Member and find that the member is online. Hmm ...... Based on my talent, I decided that since they are a consortium, the relationship should be good. Since the relationship is good, I pretend that his boss has cheated on him. My social engineering application is really good! So I changed QQ's personal data to nothing different from the webmaster's QQ number.

Then there is a dialog above.

Lessons learned:

Party A: 1. Do not add others to QQ as it is a good guest.

2. Even if an acquaintance uses another QQ program, you must be careful with 0.12 million points. It is best to test him with the latest chat content.

3. There are many smart hackers who have viewed the chat materials of the person he wants to pretend to be. So it is best to compile something that doesn't test his reflection. For example, when will the QQ you asked me to steal for you! (In fact, this is not the case at all.) If his answer is to let you give it to him at some time, he is a liar.

4. Try not to publish your complete QQ number online. Emails are also not frequently used to prevent unnecessary harm.

Party B: 1. It is very silly not to directly tell the credit card account to others.

2. You should have a better understanding of the person you want to pretend to be, for example, pretend to chat with the opposite sex.

3. When pretending to be a person, you need to clearly analyze every sentence said by the person in charge.

Counterattack:

N days later

"Are you a liar ?" Reveal his old background

"What are you talking about !" Still playing silly! Good psychological quality!

"This ** Friend, don't pretend that you are new to your skills"

"What happened when you discovered it? Are you not a hacker? You blow me up !" At first glance, I knew I was "fried"

"What you said"

"Okay, you have a try! I'm not afraid. I told you I used articles as a hacker"

Send me a URL, which is an article under the banyan tree. The content of this article is probably the account under the banyan tree of the author of this article. The hacker who steals his account seems to be a liar, it also allows him to remit money to his account. I was furious!

Won't he lie to others? I'm better than him!

"You are amazing. You are the teacher of my generation ."

"Tuition fee required !"

"Okay. Instructor"

I had to install a patch on QQ. According to QQ, I showed that he analyzed his IP address and port. He was on a LAN, and he was on an Internet cafe. It is not accurate to determine the geographic location based on the IP address. But this port is missing. QQ's default port is 4000. If his port number exceeds 5 characters, it must be a LAN. Otherwise, he just used the port redirection tool or the software to occupy the port. However, he is not very likely to use this tool. It is not easy to do this in the internet cafe. I will not be able to use DDOS to hook up the entire Internet cafe, use a bomb tool. The LAN has _ blank "> firewall bombing is equivalent to bombing the server of the Internet cafe. By the way, I made a prank web page and kept it for him today. Play.

"This is my webpage. Please check it out"

Hey! I sneaked at it. Last 10 seconds after sending

10 ~ 9 ~ 8 ~ 7 ~ 6 ~............ He went offline! Ha! I added a variety of malicious code to the webpage. I opened numerous windows to hold his machine to death. Then, after he restarted the machine, the hard disk would be formatted ............

Conclusion:

In terms of social engineering, it is a liar. It is one-sided but the truth is like this.

I believe most of you are playing online games, but what is the application of social engineering in this field? One of my classmates stood in the game's gamer gathering place and ran to a person to trade with him and said he had taken him before and there was no money on his new account, asking me to give him all the money. My classmates are also stupid enough to give that person a cent of his money. The man asked again if there were any items? As a result, the students gave him some items, and the results were quite appealing. The eldest brother said, "haha! You are cheated again !" I was cheated by just a few simple words, and my classmate deserves sympathy. The scammers may be mistaken, but they also use others' psychology. I know a master named byohacker who once intruded into the system. He chatted with the network administrator and learned the name of the network administrator's girlfriend. Then he wrote a dictionary and successfully cracked the password and intruded into the system.

Some people have defined social engineering as a science or art that allows others to follow your will. I don't think it is useful to have him, but he can make things you want more out of you. Remember that there is no always effective method, and the old technology is not useless. Social engineering allows you to learn how to think things with more brains-remember this is byoox!