Social engineering series: the psychological norms exploited by fraudsters

Posted by:

Be nice.
Be helpful.

These life lessons are ingrained into most of us early on, and, sadly, it’s one of the reasons why many social engineering tactics are successful.

Social engineers manipulate targets into saying or doing things that will provide the desired information, which could be login information or sensitive data like customer lists, development plans or company strategies.

In order to control these ingrained friendly and helpful behaviours – by which I mean being able to identify situations that do not ...

Read More →
0

The PEBCAK scenario: securing systems against non-malicious employees

Posted by:

Ever use the expression PEBCAK? What about ID-Ten-T error?*

While many variations exist, they all mean the same thing: user error. Ignoring the negative sentiment implied, it’s effectively a shorthand to say, “not our fault.”

In the world of, say, technical support, perhaps this expression might be acceptable. Many tech support teams exist simply to ensure their widgets are functioning correctly. But when an IT representative uses such terms to refer to a user within the organization, shouldn’t it raise a red ...

Read More →
1

Cyber criminals capitalize on news of Boston bombing

Posted by:

Cyber criminals remain indifferent and insensitive to events showcased on the national stage, such as the bombings at the Boston marathon on April 15, 2013. Since the event, the Dell SecureWorks CTU(TM) research team has been monitoring the Waledac/Kelihos botnet, which has begun distributing spam claiming to provide information about the bombing (see Figure 1). The email messages contain a single malicious link and entice victims to click the link for more information.

 

Read More →
0
})
SEC Cybersecurity Exams