On online communication platforms, the act of pretending to be a friend to defraud others of sensitive information is often referred to as a ”social engineering attack." The following are some common strategies that an attacker may use to pretend to be a friend in order to obtain sensitive information about others.： ### 1. **Fake identity** -**Imitating acquaintances**: An attacker may create an account similar to the victim's friends or family members, and impersonate the other party by copying their avatars, nicknames, and personal information. -**False identity**: An attacker may claim to be a friend, colleague, or family member of the victim, and use the victim's trust in acquaintances to obtain information. ### 2. **Use emotions** -**Emergency help**: An attacker may fabricate an emergency situation, claim that he needs help, and ask the victim to provide sensitive information or transfer money. -**Emotional manipulation**: An attacker may use the victim's compassion or curiosity to obtain information through emotional manipulation. ### 3. **Phishing link** -**Send malicious links**: An attacker may send seemingly harmless links, but in fact these links will lead the victim to a phishing website and ask for sensitive information. -**Pretending to be a legitimate website**: An attacker may create a page that is very similar to a legitimate website to trick the victim into entering a user name, password, or other sensitive information. ### 4. **Information collection** -**Collecting information through social media**: An attacker may collect personal information through the victim's social media account, and then use this information to pretend to be a mature person. -**Tentative questions**: An attacker may tentatively ask the victim's personal information, such as birthday, address, phone number, etc., through seemingly harmless conversations. ### 5. **Use trust** -**Build a relationship of trust**: An attacker may gradually build a relationship of trust by communicating with the victim for a long time, and then use this trust to obtain sensitive information. -**Use common interests**: An attacker may pretend to have common interests and hobbies with the victim, and gain trust by discussing these topics, and then obtain information. ### 6. **Pretending to be an authority** -**Impersonating customer service or technical support**: An attacker may impersonate customer service or technical support personnel, claiming to need to verify the victim's identity or account information. -**Impersonating an official organization**: An attacker may impersonate a bank, government agency, or other official organization and ask the victim to provide sensitive information. ### 7. **Use fear or threats** -**Create panic**: An attacker may claim that the victim's account or personal information has been compromised by creating panic or threats, and request immediate information to ”solve the problem." -**Threat of retaliation**: The attacker may threaten the victim and if he does not provide information, some kind of retaliation will be taken against him. ### How to prevent these strategies： 1. **Verify identity**: Before sharing sensitive information with others, be sure to verify the identity of the other party through other channels. 2. **Be wary of unfamiliar links**: Don't easily click on links sent by strangers, especially those that look suspicious. 3. **Protect personal information**: Carefully share personal information on social media and avoid disclosing sensitive data. 4. **Use a strong password**: Use different strong passwords for different accounts and change the passwords regularly. 5. **Enable two-factor authentication**: Where possible, enable two-factor authentication to increase account security. 6. **Be vigilant**: Be vigilant for any request for sensitive information or urgent help to avoid being emotionally manipulated. By understanding these strategies and taking appropriate preventive measures, the risk of being defrauded of sensitive information on online communication platforms can be effectively reduced.