In-depth introduction to social engineering

Skilled social engineering users are good at collecting information, and many seem

First, skilled social engineering users are good at collecting information, and many seemingly useless information will be exploited by these people for penetration. For example, a phone number is a person's name. The latter's work ID number may be used. For example, if a social engineering user wants to obtain some information from a credit card company, there is no proof that he can legally obtain the information from the company. At this time, he could use social engineering to collect relevant information from the bank Related to the credit card company for his purpose. For example, if a bank needs to obtain information from a credit card company, the document or ID of the Bank, or the name of the employee who often contacts the credit card company. Many companies now use telephone services for convenience and convenience, which makes it easier for these attackers to take advantage of the services. They only need to provide relevant information from the bank, credit card companies will give some sensitive information to attackers.

Many social engineering attacks are complex, including well-planned and well-integrated techniques. However, you can also find that some skilled social engineering attackers can often achieve his goal in simple ways and directly ask for the information he needs. For example, if someone calls a telephone company and says that, due to a fire, nearby telephone lines and terminals are damaged, so that the calls of dozens of people nearby cannot be used, he is a telephone line Repair Engineer. Maybe he can help with the repair first. However, the repair requires some phone companies not to let non-company staff know the Ming information. But who can deny the selfless assistance of a well-intentioned telephone line maintainer, so that the social engineering attacker can obtain the phone line information he needs.

Building trust is also a means of social engineering, and a very important means. Imagine if you establish a strong trust relationship with people in a company, is it easier to obtain some important sensitive information. It is not easy to gain trust in a short period of time, but it is not impossible. If it proves that you can be trusted, it is not easy to gain trust. Don't understand ?? For example, a telephone company is engaged in promotions. If you want to use the phone for a certain period of time, you can get the latest mobile phone at a penny, the premise is that you must sign a certain period of use of the mobile phone network. One of my friends thought about how he could get the phone at a penny instead of spending money to sign the phone line. So he made A call to A branch of the telephone company, which we call A store. He talked to the employee as follows:
Clerk: This is branch A of telephone company. What can I do for you?
Hello, my name is Ren Xiong. I 've been to your store before. I want to apply for a mobile phone service. You think the clerk surnamed Li (of course you guessed it) I introduced a good service to me. I didn't pay attention to it at the time. Now I have decided to apply for that service ~~~, The clerk is Li ~~~, I don't remember, you know ???
Clerk :~~~, We have two stores named Li. Do you mean male or female ???
Brother Ren: Yes, it's a male. He said his name is Li ~~, Sorry, I forgot my name. Can you tell me ??
Clerk: Li XX
Dear friend, this is Li XX. I will go to your store to complete the relevant service activation procedures. Goodbye
Clerk: Goodbye.

Later, the renxiong called another branch, branch B.
Dear friend, is it branch B?
Clerk: Yes. What can I do for you?
Dear friend, I am Li XX from Branch A. I have A customer who just signed the One-cent mobile phone purchase contract with us, but then I found that the phone model in the store is no longer in stock. Do you still have it in the store ???
Employee: Yes
Dear friend, I have already signed a line agreement with him. Now I want him to go to you. You can sell him a cell phone with a penny.
Clerk: Okay. You can ask him to come.

Half a child, this guy appeared in branch B and exchanged a penny for his cell phone.

Do you understand now ??? As long as you prove that you can be trusted, it is easy to cheat.