There is a risk of using social engineering methods to reset passwords and gain control of cloud service management, but this is illegal and ethical behavior. Social engineering is a means of obtaining information or carrying out attacks by manipulating or deceiving human psychology. Criminals may control cloud service accounts by pretending to be legitimate customer service or using the negligence, trust, etc. of the target personnel to induce them to disclose relevant identity information or agree to the password reset process. Cloud service providers usually take a variety of security measures to prevent such attacks, such as strict authentication processes and multi-factor authentication. In order to protect the security of cloud services, users themselves should also raise their security awareness, not disclose sensitive information at will, treat all kinds of abnormal communications and requirements with caution, and avoid becoming victims of social engineering attacks. At the same time, any unauthorized attempt to obtain control of cloud services through illegal means may face legal responsibility.