Rising alert to prevent"hackers" social engineering attacks

social engineering, is using people's weaknesses, to conform with your wishes, desires to meet your way, you fooled some of the ways.Now, this method or a technique, also the"Times" hackers to implement greater use of attacks .Use of social engineering methods to break through the defenses of information security incidents, has shown a rising trend even spread, while the use of traditional methods is difficult to prevent such security for the user's subconscious and psychological inertia of the attack, making the users more than ever faced security risks.

According to Rising the recent release of Rising 2011 annual security report , the current security threat of the Internet consists of three main factors: the viruses and Trojan horses and other malicious programs, phishing, hackers" drag library"attack.Hackers began to use"social engineering" principles of a comprehensive fraud user, password guess, identity forgery, such as viruses and Trojan attacks, this new type of social engineering attacks have fully penetrated into all aspects of black industry, great reality show harm.

principles of social engineering hackers applied to the various links of phishing.According to the analysis, starting from the hackers set up websites, there are four main areas, promote the establishment of site → → View (confidence-building) → pay.Among these four areas, especially after the three aspects of hackers continue to innovate, to enhance the effects and reduce the expression difficult.

the way in promoting fishing website, the main advantage of the search engine hacker attacks, SMS, IM software, email blasts, etc.in four ways.One search engine hacker attack has been the focus of use.Common attack methods include search engine: improving web site click on the right to use the value of the virus, large-scale attack into the phishing site which links to hot word optimization, search engine advertising through the purchase of even a way to promote phishing sites.Guise of various attacks, making very hard to detect phishing sites for Internet users.

In addition to phishing sites, the hackers to steal user database based on frequent attempt "recharge card fraud","false Express fraud" and so on.Rising report shows that the second half of 2011, through QQ, MSN and other chat software to promote phishing sites, or direct fraud cases has increased significantly.Specific form of a hacker to steal the QQ login, MSN account, etc., to their friends to send phishing sites, or direct request to help their friends to buy prepaid calling cards, dirty online games point card so easy to sell digital card products.Caught are not statistics, may be orders of magnitude between tens to hundreds of thousands.These are social engineering attacks harm the real power of example.

In the hacker in all of the mainstream methods of attack, moving from technology-based "hard-hacking" development in psychology, social engineering, business and other fields of data analysis and integrated"soft hacking"based.In fact, these attacks did not have much technical content, but companies spend a lot of money to build a traditional security system is often very difficult to play a role.

susceptible to social engineering attacks is a major factor in lack of safety awareness, traditional information security concept advocated"one-third of technology, seven management", but whether it is technical or management, are focused on those technologies and the growing foreign substances in behavior, ignoring the people at the core of the inner psychology.Faced with these endless "hackers" new means, we would add -"very alert."