电子邮件的泛滥, 社交网络ing 和 other forms of electronic communication have made social hacking attacks on businesses more common 和 more 危险ous.
Firewalls or other technical solutions do not help against this type of attack. 但社交黑客到底意味着什么呢? We would like to take this opportunity to explain in more detail what social hacking is 和 what 危险s this type of attack poses to businesses.
Difference between 社会黑客 和 Social Engineering
In the context of social hacking, you will often encounter the term social engineering attack. 社会工程 (“social manipulation”) generally refers to the manipulation of humans. 通过利用人类的某些特征, one attempts to persuade a person to behave as desired by the attacker.
Of 社会黑客 is called when this method is used to penetrate a foreign 计算机系统 or network. After all, cybercriminals have realized 这一 best 安全技术 are of no help if the 人类的弱点 不安全. For systems that are almost impossible to attack because of their technical security, cyber-criminals are using the world of social hacking to gain access.
How do cybercriminals attack the human operating system?
那么，社交黑客到底是什么呢? We like to talk about social hacking about the “human operating system”. 因为之间的 计算机系统 和 人类的大脑 有一些365买球网站或相似之处. This also applies to their vulnerability by cybercriminals. The human operating system can be hacked just like a computer or network. 通常更容易更快!
而对机器的攻击, 例如, 利用安全漏洞, 社交黑客通常利用 人类的特性. 这些包括，例如， 信任, 权威 or 好奇心. For experienced hackers, these features can provide access to your systems!
A cybercriminal calls one of your employees 和 pretends to be an 管理员 在公司的IT部门. 在此之前，他已经获得了情报 社交网络, which should help him to gain the 信任 of the employee. He opens the conversation by talking about the current project in the company. The employee, of course, assumes 这一 call is real. 网络罪犯现在要求 凭证的 他声称需要的员工. 几 技术术语 和 缩写 能帮助迷惑员工吗. And he has already gained access to a system without much effort !
如你所见，在某种程度上，是最好的 安全技术 不帮助 ! Especially social hacking is characterized by the fact 这一 risk of such an attack with technical support can hardly be counteracted. 毕竟,你的 员工是 首先被攻击，而不是任何防火墙.
Therefore, the only solution is to prepare your employees for such attack scenarios using 培训 和 安全意识培训. Only then can they detect a social hacking attack 和n react correctly.
In advance, it can make sense in many cases to use a 模拟社交黑客攻击 find out how your employees react in such cases 和 where the security vulnerabilities are.
社会黑客 has become a popular method of attack by cybercriminals. Exploiting the vulnerability of humans can generate high sums of unfair money. And the catch is: no firewall can help against this type of attack. Alone, alert employees who recognize the tricks 和 let them go into the void can reduce the risk. Therefore, lets discuss what types of social hacking you should know.
Probably the best-known type of social hacking is 网络钓鱼电子邮件. 你们每个人可能都听说过. But a surprising number of people are not aware of the full 危险 最新的钓鱼邮件. We can not say it clearly enough: 网络钓鱼邮件s are getting better 和 harder to recognize.
网络钓鱼邮件是 假电子邮件使用 by attackers to gain access to the user’s personal 信息 和 commit identity theft. 在这一过程中, 人类的品质 such as 信任, 权威 or simple 好奇心 are exploited. With a suitably prepared email, 例如, a victim can be lured to a 网站 他在哪里可以钓到鱼 类型的恶意软件 甚至 危及 整个公司.
A cybercriminal plans to attack one of your employees by sending them a well-designed 网络钓鱼邮件. 这个网络罪犯发现了一个 社交网络 这一 管理员 is enjoying his last vacation on the beach in the Caribbean 和 returning to work on Mondays. He uses this 信息 skillfully to inspire confidence in the employee concerned.
He sends this e-mail on behalf of the 管理员, which says that he has just returned from vacation 和 found 这一re are problems with the account of the employee. In addition, he uses some 技术术语 to make the 欺骗 尽可能的好和混乱.
With a little luck, the employee falls for it 和 gives the cybercriminals 重要的访问数据，然后可以无情地利用! In many cases, this method is combined with deceptively genuine 和 thus 假的网站. 成千上万的 账户 和 密码是 每天都被扔在这些网站上.
这是一个众所周知的例子 欺诈 也是 首席执行官欺诈 ，其中公司被操纵使用 假身份 并要求 转账.
The above-mentioned principle of 欺骗 can basically be transferred. 即使有 电话在美国，网络罪犯可以欺骗你的员工. As mentioned earlier, a cyber criminal often tries to get 信息 in preparation for an attack. 有了正确的 信息, he may be able to exploit the confidence, 好奇心, or even 权威 of an employee. Especially with larger organizations is no longer self-evident that you know each other personally. A cybercriminal might well pretend to be a supervisor in the company 和 get 敏感数据 or 信息, which he can then use for his own benefit.
你也不应该低估这种危险, as more 和 more 信息 is available to cybercriminals today. If you do not exercise caution, you can quickly confuse a cybercriminal with an in-house person!
Believe 这一 cyber criminals of this world are not sleeping. 每一天, 创建新的攻击方法 可能会危及你的生意. There are different types of social hacking, but the principle remains the same. Maybe right now, a cybercriminal even has a new idea on how to exploit the human vulnerability!