Security Software Doesn’t Fix Human Nature
If you’re interested in PC Security, you’ll want to check a look at research recently compiled by the folks at PC Pitstop. Even I was surprised at how much people mistakenly rely on their security software. The research shows that even with some of the most popular and/or highest quality protection computers are still at risk.
It’s not uncommon for a system to be infected and users won’t even know it. Even more common is folks have no clue how an infiltration could have possibility happened. Nine times out ten it will result from a social engineered attack on our human nature. No matter how often people claim they don’t download strange software, they will. They just won’t immediately know it’s a bad file to download or bad link to click on.
Historic Social Engineered Infiltrations
In the early days, the bad guys used simple methods which aren’t much different than the creative attacks used today. Imagine you're a secretary at a company and you get a phone call like…
“This is Mr. Hunt from IBM. It seems someone did something wrong on your computer which have been damaged your accounts payable system. Could you please give me your user name and password so I can correct this error.? We don’t have to report any mistakes to your boss”.
You can bet this kind of breach wasn’t rare and still happens today with a different script. One well known hacker tells the story how he’d just leave a copy of infected floppy disks labeled “Salary Figures” laying around inside a company.
More Recent Infiltrations
Some of you may remember a spyware attack that was spread via an Email claiming to have naked photos of Tennis star Anna Kournikova. Some of you may feel users deserved to get infected falling for this one but it makes for a good example of taking advantage of human nature to spread badware. I’m sure most of you are careful when receiving a greeting card from friends or family. If you’re like me, you’ll contact the person and thank them but let them know you don’t read anything suspicious especially if it’s a online greeting card. Even if a message comes directly from a friend there’s no way to know if that friend hasn’t had their Email or Facebook account compromised. Social engineered attacks have fooled plenty of intelligent people.
Social engineered attacks are getting really good. Ironically, some of the trickiest scheme are given away by poor grammar and bad spelling. Today I received noticed that UPS was trying to deliver an important package but it was signed by DHL Customer Support. Many of the schemes use scare tactics to throw someone off track. Would your family and friends fall for any of the following?
“You have won a new laptop via Amazon’s best customer contest". Click here to download acceptance form.”
“Thank you for the purchase of your new Dell computer. Your PayPal account will be billed $929.95. Click here to cancel this order”.
“There is an Amber Alert for your local area Click here for more information. You can verify this is true on Snopes.com by clicking here”.
Yes, people are falling for these tricks and others. There may be one coming that will fool you so always be skeptical. If you think your family and friends need help maybe you should encourage them to read BitsFromBill.com.
Please feel free to leave a comment with a tricky scheme that didn’t fool you, or even one that did. Our best defense is for all of us to share this information.