social engineering - News, Features, and Slideshows

Features

  • Social engineering stories from the front lines

    It's always amazing how little attention social engineering attacks get when discussing enterprise information security risks. After all, it's usually easier to get an unsuspecting employee to click on a link than it is to find an exploitable vulnerability on a reasonably hardened webserver. Social engineering attacks come from many different angles: from targeted e-mails, phone call pretexting, or acting like a service technician or other innocuous person to obtain access to the IT resources and data they seek.

    George V. Hulme | 30 Jan | Read more

  • Social Engineering: The dangers of positive thinking

    CSO Online recently spoke to a person working in the security field with a rather unique job. He's paid to break into places, such as banks and research facilities (both private and government), in order to test their resistance to social engineering and physical attacks.

    Steve Ragan | 06 Jan | Read more

  • The top infosec issues of 2014

    There is still time for any list of the "top information security issues of 2014" to be rendered obsolete. The holiday shopping season is just getting into high gear, after all, and everybody knows it was from late November to mid-December last year when the catastrophic Target breach occurred.

    Taylor Armerding | 18 Nov | Read more

  • Five things you need to know about social engineering

    Social engineering, the act of tricking people into giving up sensitive information, is nothing new. Convicted hacker Kevin Mitnick made a name for himself by cold-calling staffers at major U.S. companies and talking them into giving him information. But today's criminals are having a heyday using e-mail and social networks. A well-written phishing message or virus-laden spam campaign is a cheap, effective way for criminals to get the data they need.

    Robert McMillan | 17 Dec | Read more

  • 4 ways to catch a liar

    Most people lie, whether they're covering up something sinister or just embarrassed over a mistake. Research conducted a few years ago at the University of Massachusetts found that 60 percent of participants lied at least once during an observed 10-minute conversation.

    Joan Goodchild | 28 Jul | Read more

  • Mind games: how social engineers win your confidence

    Social engineering and mind games expert Brian Brushwood has not come by his knowledge in the traditional manner of school or business training. Brushwood is the host of the Internet video series Scam School, a show he describes as dedicated to social engineering in the bar and on the street.

    Joan Goodchild | 23 Jul | Read more

  • Social Engineering: The Fine Art of BS, Face to Face

    Chris Nickerson is willing to push it about as far as a person can go when it comes to security assessments. The founder of Lares, a security consultancy in Colorado, Nickerson conducts what he calls "Red Team Assessments" for clients. He is paid to try and dupe a client, and the client's employees, to give them a clear picture of the weak spots in their security plan. He then advises them on how to shore up defenses more effectively in the event a real criminal comes knocking.

    Joan Goodchild | 08 Jun | Read more