MX Logic

MX Logic » MX Logic IT Security Blog

29 June 2007

Social En-June-Eering

As we look back at the month of June, one could call it the month of Social Engineering in the spam world.

Although the original outbreaks started in May with the government agency scams purporting to be from the Better Business Bureau and the IRS, they extended into June with spoofs against the FTC and most recently the Department of Justice. Throw a fake Microsoft patch and a fake Proforma invoice into the mix too, and you have what made for a pretty busy month!

So, why did these scams work? Putting aside the targeting tactics used, the real culprit here is social engineering. According to Wikipedia, social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. How does one do that? How does a scammer manipulate you into doing exactly what THEY want you to do? Simply put, social engineering is about establishing trust or credibility with the person that you are attempting to scam. On other levels it can also appeal to the human sense of want or desire.

The government agency scams mastered the art of social engineering in a number of ways that we spoke about in previous blog entries, such as the method of targeting and the inclusion of specific information within the message body.

Let's use the BBB scam as an initial study. The BBB scam targeted high-level executives at organizations. Why? For starters, if the CEO of a company receives an email purporting to be from the Better Business Bureau, it is likely to get more attention than if it were sent to the guy who works in the mailroom. Secondly, C-level executives are generally more affluent, and as a result, if they do get victimized, they have a lot more to lose to the scammer, ranging from higher bank and brokerage account balances to corporate trade secrets.

Social engineering is a key driver of the success of any cybercrime campaign. Without effective social engineering, you'll fool only the most gullible (like the people who still go out and buy V1@gr@...I never did understand that!). Even though anything north of a 0% success rate is profitable to the scammer, most aren't in it for nickels and dimes. They are in it for the nice house on the beach and expensive foreign cars.

We see new examples of cybercrime and its uses of social engineering every day, whether it is an email claiming to contain video clips on breaking news stories (as was the case with the Storm Worm), fake Microsoft Windows Operating System patches, or phishing scams posing as IRS refunds (November, 2005). The social engineering aspect of cybercrime is only going to get more advanced and more difficult for even the trained eye to detect. As such, education, education, and more education will continue to be paramount in minimizing the effects of cybercrime.

Posted by smasiello at 11:42 AM
