Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need. I expect it to show up in a revision of Maslow’s Hierarchy of Human Needs any day now—behind love, but certainly ahead of safety.
I do have a point to all this. Two actually. As we compiled the Security Trends to Watch in 2010, what occurred to me is that the people who most needed to read this information never will. At least not without some social engineering on my part. And since social engineering plays such a prominent role in future trends, it seemed appropriate. So I’ve decided to use this little trick to get people to...
The Security Response team has compiled the top security trends of 2009. We pulled data from the Global Intelligence Network and the experiences of the thousands of analysts and security experts at Symantec to come up with the top trends for the year. While none of these trends will be a surprise to anyone even casually following the threat landscape, when compiled and summarized, it is clear that the breadth of security problems in the past year was pretty stunning.
For example:
• Toolkits and threat recycling have made malware easier to create than ever
• Polymorphic technology is being applied to make threats harder to catch
• Botnets, large and small, are used as the foundation of attacks making most attacks complex
• All major news events are used for social engineering
• Major brands are being appropriated by cybercriminals...
Have you booked any airline travel recently? One way or the other, you may be surprised to find some email in your inbox telling you that you have. And, that your credit card has been charged for it! Don’t let curiosity or concern get the better of you—do not open the attachment that is likely accompanying the message. If you do, you would probably end up installing malicious code on your machine.
There are spam messages circulating that are purportedly coming from several major airlines. United Airlines is the latest airline that has been mentioned, but Security Response has seen spam email falsely claiming to be from Northwest Airlines, JetBlue, Midwest Airlines, and Sun Country Airlines. Undoubtedly other airlines will be exploited as well. The email will usually name a specific dollar amount that your credit card has supposedly been charged for air travel. It even offers you a login and password for the airline’s website, but what the...
Sometimes in this job you can be a kill joy. Take, for instance, a situation I was involved in a couple of weeks ago. I had the unpleasant task of informing someone that they were not going to be given 12 million dollars.
I had been invited on the morning show at KSON-FM in San Diego. One of the DJs had received an email he wanted to ask me about. I assumed it was a phishing attack, or perhaps the recent IRS scam that Kelly Conley has blogged about. It turned out he had received an email telling him he was going to be given 12 million dollars. I had to ruin his day. He was not going to be rich, and if he wasn’t careful he might become a victim of the old Spanish Prisoner scam.
This con has been around since the 16th century. 500 years ago you would have received a letter from a man held in a Spanish prison. The...
