social engineering

  • PayPal users: Beware of holiday phishing scam

    Posted November 16, 2010 - 7:00 pm

    With Black Friday quickly approaching, and retailers racing to outdo each other with earlier and earlier deals, it is safe to say that the holiday shopping season has begun. If you're shopping online, though, and paying with PayPal--be warned. There is a phishing attack targeted just for you.
  • Get up to speed on social engineering

    Posted August 6, 2010 - 8:09 am

    Social Engineering is a bustling enterprise. Fortunately, there are plenty of books and websites that can help you formulate a strategy. The more you learn, the stronger your defense.
  • Social engineer toolkit coming at BSidesLasVegas

    Posted July 26, 2010 - 12:26 pm

    New social engineering techniques will be on full display at this week's Black Hat and DefCon events in Las Vegas. Some have already gained media attention, including a planned social engineering contest at DefCon.
  • Why executives are the easiest social engineering targets

    Posted July 14, 2010 - 12:26 pm

    Security managers are often concerned about employees who use Facebook at work and fall for the 419 "I'm trapped in London and need money" scam. Others might still have some in their organization who are convinced it is the Prince of Nigeria who wants to share his fortune. And with spear phishing, a targeted email attack in which messages are created to look like they come from an employer, bank or other trusted source, now a common criminal technique, the need for effective awareness programs for employees has become paramount. But those concerns, according to Jayson Street, a security consultant and CIO of Stratagem 1 Solutions, shouldn't be the chief worry. That's because the biggest social engineering threat is the top executives in a company -- and they're the ones who need to be educated the most.
  • Communication breakdown: Security's language problem

    Posted July 13, 2010 - 11:16 am

    Information security pros are picky about the words they use. CSO's Bill Brenner says the annoying terms aren't going away without some creativity.
  • 15 must-listen podcasts for security pros

    Posted July 1, 2010 - 7:52 am

    Want to keep up-to-date on the latest security trends -- without straining your eyes? Tune in to one (or several) of the 15 podcasts listed here.
  • Social engineering stories

    Posted May 24, 2010 - 4:50 pm

    Like good movies, a successful social engineering scam usually leaves both the perpetrator, and the victim, with an impression they'll never forget. We spoke to security experts about memorable social engineering stories.
  • Five Things You Need to Know About Social Engineering

    Posted December 16, 2009 - 1:55 pm

    Today's criminals are having a heyday using e-mail and social networks to trick people into giving up sensitive information.
  • How hackers find your weak spots

    Posted October 19, 2009 - 9:33 pm

    While there are an infinite number of social engineering exploits, here are some typical ones.
  • Review

    Book Review: The Art of Deception: Controlling the Human Element of Security

    Posted September 2, 2009 - 9:56 am

    If I had only one thing to say about The Art of Deception, it would be that it convinced me that even technologically savvy people fall prey to the guile of practiced social engineers (formerly known as "con artists" to most of us).
  • MafiaBoy Says People Are The Weakest Security Link

    Posted April 15, 2009 - 10:56 am

    It's weirdly painful yet helpful when successful hackers step out from the shadows and tell us how stupid we are and how they so easily shred our security. The latest episode of this long-running show occurred last week when MafiaBoy, or Michael Calce in meatspace, reminded us once again that social engineering remains the hacker's sharpest tool. ComputerWorld called it “MafiaBoy Spills the Beans.”

  • Security tip: Remove specifics from your WHOIS record

    Posted October 29, 2008 - 7:07 pm

    Sometimes a company shares a little too much information about their organization through public domain records. Play "hard to get" by removing specifics from the WHOIS record that might tempt a social engineering attack. For example, make sure the name of your server does not reflect your current operating system or application version.
  • Can you tell a good URL from a bad one?

    Posted July 29, 2008 - 1:58 pm

    Look at these three URLs:,, Can you tell which (if any) correspond to legitimate service providers? Do you think the average Internet user can tell, too?
