Five Things You Need to Know About Social Engineering

Five Things You Need to Know About Social Engineering
Five Things You Need to Know About Social Engineering 

By Robert McMillan
IDG News Service
December 16, 2009 

SOCIAL ENGINEERING IS GROWING UP. Social engineering, the act of 
tricking people into giving up sensitive information, is nothing new. 
Convicted hacker Kevin Mitnick made a name for himself by cold-calling 
staffers at major U.S. companies and talking them into giving him 
information. But today's criminals are having a heyday using e-mail and 
social networks. A well-written phishing message or virus-laden spam 
campaign is a cheap, effective way for criminals to get the data they 

TARGETED ATTACKS ARE ON THE RISE. Northrop Grumman recently reported 
that China was "likely" stealing data from the United States in a "long- 
term, sophisticated network exploitation campaign." Security experts 
have noticed criminals were "spear phishing"--getting Trojan horse 
programs to run on a victim's computer by using carefully crafted e-mail 
messages. Used to steal intellectual property and state secrets, spear 
phishing is now everywhere.

CASTING A BROAD NET PAYS OFF TOO. Less discriminating criminals cast a 
wider net with their attacks. They pick e-mail subjects everybody's 
interested in: a message from the IRS, or even "a photo of you." The 
more victims who click links and install the bad guy's software, the 
more money the criminals make. Right now, "they're doing it with 
messaging that is extremely broad," says Gary Warner, director of 
research in computer forensics at the University of Alabama at 


Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods