公司人事部年度网课培训-隐私信息安全。分享一下如何识别Social Engineering:
- You are being rushed (when something is urgent, you tend to throw caution to the wind). 被催促了(人一急,易失误)
- You are asked to bypass procedures or ignore policies (this is a sign that what you're being asked to do may be unethical and risky). 被要求跳过程序(这点表示要你做的事情可能不道德和有风险)
- Someone is being overly curious or prying (someone asks for information that they shouldn't have access to, or their questions make you uneasy) 异乎寻常的好奇和窥探(问让人感到不安的问题)
- The person uses confusing jargon or technical-sounding language (don't act if you don't understand) 让人迷惑的行话或者技术性很强的用语(不明白则不行动)
- The offer is too good to be true (if a message says you've won something, be skeptical, especially if you don't remember entering a contest). 听起来好得不得了 (如何说你赢了什么,持怀疑态度,尤其你不记得参加过什么比赛的时候。)
- The language or grammar used is a little funny or the tone is off (does the message sound like it really came from its supposed source? Does the greeting use your name or is it general?) 遣词用句不恰当。
你有遇到过这几个Social Engineering例子吗?
- A voicemail that says you're under investigation for tax fraud and you must call immediately to prevent arrest or criminal investigation.
- A text message from an unknown source. It indicates that if you wire only $10 to an investor, he will make it grow to $10,000 with no addtional effort from you. All you need to provide is your bank account information.
- An email from your manager requesting you provide the password for the accounting database. The emal stresses that your manager needs it to make sure everyone is paid on time.
- An email from customer support at an online shopping website indicating they need to verify your credit card informaiton to protect your account or it will be suspended. The email contains a link to a website that looks like it belongs to the company.
现在的骗子花样百出,我的原则是:少说,不点击任何link。不贪便宜不上当。天下没有免费午餐,别人凭什么给你好处?