People, corporates easily conned into parting with vital informationJanuary 18th, 2009 - 7:35 pm ICT by IANS
London, Jan 18 (IANS) Both people and corporate organisations, seldom prepared for attacks targeting human gullibility, find themselves easily conned into parting with vital personal information, according to a new study. For example, people in Sweden received calls from someone posing as a representative of their bank’s IT office. He got them to identify themselves using their personal bank encoders, before using those codes to steal money.
Such attacks are called social engineering in the IT context, which refers to the art of using social codes and knowledge of human behaviour to get us to provide information or do things we should not do.
These kind of attacks are the subject of Marcus Nohlberg’s dissertation at Stockholm University in Sweden. “I predicted a couple of years ago that this kind of attack would become common, especially account fraud,” he says.
Despite serious consequences, with many successful fraud attempts, this technique has received little attention among researchers.
Nohlberg’s research has led to enhanced knowledge about what methods attackers use and what it is that makes people and organisations so vulnerable.
Somewhat depressingly, Nohlberg’s research shows that information and training do not work as well as we think, said a Stockholm University release.
“The best thing is practical training, and it’s probable that organisations will need to start running internal checks where they in fact create fictitious attacks in order to identify weaknesses,” said Nohlberg.
Social engineering as a method of fraud is costly for the attacker since it requires commitment and time. However, software and technologies already exist that can interact with other people automatically.
“You can easily imagine how serious it will be when such programmes target victims via digital forums like Facebook in the future. When it becomes just as simple as spreading spam, this will present a major threat to social activities on the Internet,” he said.
Tags: account fraud, attacker, attackers, corporate organisations, corporates, dissertation, encoders, facebook, human behaviour, human gullibility, information london, internal checks, london jan, personal bank, practical training, social engineering, stockholm university, target, university in sweden, vital information