1, my first thought is the awareness of personal information protection: at present, most people who collect social engineering information collect as much personal information as possible through search engines and various social platforms, WeChat, Weibo, Renren and QQ space, and sometimes they also collect information from family and friends to complete the information collection stage. Bad guys need to customize all kinds of words. If I say that the bad guy's script is customized by a professional writer who studies psychology.

2. Password security: It is strongly recommended that individuals establish multiple strong passwords, and the passwords of business systems at work should be subdivided. In many cases, in the face of large state-owned enterprises and banks, attackers first query an internal mailbox through the social work library, and some passwords queried from the social work library can be directly logged in.

If the password expires, they will choose the method of blasting. Many internal mail systems of these large enterprises and institutions do not have verification codes, which can directly blast the OWA of Exchange. If you enter the other party's email system, the bad guys can send you mass emails through good scripts.

3. Mail security: Most anti-spam systems now support SPF filtering, but it does not rule out that the mail header is forged. Many bad guys send emails pretending to be executives of the company, employees of the information center and the operation and maintenance department. Out of trust, many small white employees open each other's Trojan files, so his machine becomes a lamb to be slaughtered.

Must be popularized with employees. If you receive any high-risk operations such as password modification and software download in the email, you must consult a technician!