Social Engineering Attacks

Patrick Gray of MIS | Magazine has penned a great article, "Attack of the Cyber-Toxins", detailing the complex issues presented by today's malware. One of the things he touches on is the increasing role social engineering is playing. I discuss this aspect of the problem in more detail in "Malware Evolution: A Change in Target", featured in the March issue of the Microsoft Security Newsletter.

A socially engineered attack is one in which the user is somehow tricked into doing the attacker's bidding. An example would be responding to a phishing email, following the link and entering your banking credentials on a fraudulent website. The stolen credentials are then used for everything from finance fraud to outright identity theft. An old adage comes to mind here, "it pays to be suspicious". With socially engineered attacks, the opposite is also true - if you aren't suspicious, you likely will end up paying.