Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need.

The Security Response team has compiled the top security trends of 2009. We pulled data from the Global Intelligence Network and the experiences of the thousands of analysts and security experts at Symantec to come up with the top trends for the year.

One thing I see again and again in this job is that people usually don’t think about security until after they are hit with an incident. Companies create disaster recovery plans after the disaster. They come up with incident response teams after the incident. And consumers get antivirus software after they’ve had a virus infect their system.

In the 80’s I lived in NYC. At the time, enterprising hustlers had re-introduced the old Three Card Monte con game to NYC streets. Like wide ties and frozen yogurt shops, Three Card Monte always seemed to come back into fashion. Before you knew it, the streets were full of grifters running games.

Every day when I walk into work I’m greeted by an avalanche of data on new malware and Internet scams. The numbers in the last few years have been staggering. And when you think about the people behind the numbers it can get quite sad—people who’ve had their computers taken over, been scammed, stolen from, and just plain abused by cyberthiefs. It can get to you.

Many years ago I worked in the network router business. Back then, as a product manager, I wrote datasheets. Yeah, exciting stuff, but you have to start somewhere.