ソーシャルエンジニアリング(Social Engineering)
High-quality technical overview of Social Engineering in the context of blockchain security.
Profiles: 1. Malicious (Revenge/Profit). 2. Negligent (Accident/Ignoarance). 3. Compromised (Identity stolen). 4. Mules (Coerced).
graph LR
Center["ソーシャルエンジニアリング(Social Engineering)"]:::main
Rel_cybersecurity["cybersecurity"]:::related -.-> Center
click Rel_cybersecurity "/terms/cybersecurity"
classDef main fill:#7c3aed,stroke:#8b5cf6,stroke-width:2px,color:white,font-weight:bold,rx:5,ry:5;
classDef pre fill:#0f172a,stroke:#3b82f6,color:#94a3b8,rx:5,ry:5;
classDef child fill:#0f172a,stroke:#10b981,color:#94a3b8,rx:5,ry:5;
classDef related fill:#0f172a,stroke:#8b5cf6,stroke-dasharray: 5 5,color:#94a3b8,rx:5,ry:5;
linkStyle default stroke:#4b5563,stroke-width:2px;
🧒 5歳でもわかるように説明
コンピュータを壊すのではなく、人をだましてパスワードを聞き出す方法のことです。例えば、「銀行の者ですが、システムエラーでパスワードが必要です」とウソをつくようなことです。
🤓 Expert Deep Dive
Technically, insider attacks are identified through 'Anomalous Behavior Patterns'. Since the attacker uses legitimate credentials, security teams must look for 'Lateral Movement' (trying to access folders they don't usually need) or 'Data Staging' (gathering lots of files in one place before sending them out). The 'Zero Trust' model is the primary defense, which operates on the assumption that even people inside the network should be continuously verified. Advanced defenses use UEBA (User and Entity Behavior Analytics) to flag an employee who suddenly starts logging in at 3 AM or accessing HR records when they work in Engineering.