Five things you need to know about social engineering

The more victims who click links and install the bad guy's software, the more money the criminals make

SOCIAL ENGINEERING IS GROWING UP.

Social engineering, the act of tricking people into giving up sensitive information, is nothing new. Convicted hacker Kevin Mitnick made a name for himself by cold-calling staffers at major U.S. companies and talking them into giving him information. But today's criminals are having a heyday using e-mail and social networks.

A well-written phishing message or virus-laden spam campaign is a cheap, effective way for criminals to get the data they need.

TARGETED ATTACKS ARE ON THE RISE.

Northrop Grumman recently reported that China was "likely" stealing data from the United States in a "long- term, sophisticated network exploitation campaign."

Security experts have noticed criminals were "spear phishing"--getting Trojan horse programs to run on a victim's computer by using carefully crafted e-mail messages. Used to steal intellectual property and state secrets, spear phishing is now everywhere.

CASTING A BROAD NET PAYS OFF TOO.

Less discriminating criminals cast a wider net with their attacks. They pick e-mail subjects everybody's interested in: a message from the IRS, or even "a photo of you."

The more victims who click links and install the bad guy's software, the more money the criminals make. Right now, "they're doing it with messaging that is extremely broad," says Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham.

Click here to find out more!

FREE STUFF CAN BE COSTLY.

Attackers love to tempt people with freebies, security experts say. "The bait that works best is a popular device," says Sherri Davidoff, a penetration tester hired to see if she can break into corporate networks. One of Davidoff's most successful techniques: a fake employee survey.

Victims fill it out thinking they'll qualify to win an iPod if they hand over sensitive information. "Thirty to 35 percent will enter their usernames and passwords to get the iPhone," she says.

PEOPLE TRUST THEIR (HACKED) FRIENDS.

That trust allowed the Koobface worm to spread throughout Facebook and led to a rash of direct-message attacks on Twitter too. It's all part of the next round of socially-engineered attacks, says Steve Santorelli, formerly a Scotland Yard detective and now director of global outreach at Team Cymru.

A few years ago hackers were more focused on the quality of their code. Now, he says, "they are putting an equal effort into social engineering."

Tags securitysocial engineering

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?