[March 07, 2013]

Someone Has A Secret Crush on You! and Other Social Engineering Ploys That Put You at Risk

Veracode, Inc., the leader in cloud-based application security testing, warns that human hacking is a growing concern in today's hyper connected world, and clever social engineers are finding news to manipulate people into giving up personal information, which can lead to theft. In its most recent infographic, "Hacking the Mind," Veracode details the most common types of human hacking, including phishing, hoaxes and shoulder surfing. The infographic can be found on the Veracode blog at: http://www.veracode.com/blog/2013/03/hacking-the-mind-how-why-social-engineering-works/.

Most people have seen these social engineering attempts in their spam folders (emails that claim to be from a secret admirer) and our Twitter (News - Alert) feeds. Emails from fake secret admirers and tweets from fake friends with links to funny pictures have become commonplace, but cyber thieves are getting more creative, digging further into personal lives via social networks, and capitalizing on the emotions of their targets.

One example, cited in Chris Hadnagy's book Social Engineering: The Art Of Human Hacking, describes a CEO that was duped through a charity scam by hackers wh learned of an ill family member via his Facebook (News - Alert) page. The social engineers sent the CEO an email asking him to donate to a cancer research fund, however a PDF attached to the email was actually malware that took over the CEO's computer when he opened it.

"Social engineering will, remain at the forefront of security awareness education for the foreseeable future because it preys on weaknesses in human behavior, making it very difficult to prevent," said Chris Eng, Vice President of Research at Veracode. "These criminals don't bother with developing and planning a sophisticated technical hack because they can just trick someone into giving them access they need."

While hacker strategies and malware are becoming increasingly complex, one of the most popular methods of accessing private accounts like banking, remains one of the most simple in concept. The art of manipulating people into unwittingly surrendering private data is nothing new.

Veracode recommends enterprise organizations implement annual security awareness training to put a spotlight on what risks are out there and to reinforce policies that will help protect businesses and individuals from falling prey to these types of scams.

About Veracode
Veracode is the only independent provider of cloud-based application intelligence and security verification services. The Veracode platform provides the fastest, most comprehensive solution to improve the security of internally developed, purchased or outsourced software applications and third-party components. By combining patented static, dynamic and manual testing, extensive eLearning capabilities, and advanced application analytics, Veracode enables scalable, policy-driven application risk management programs that help identify and eradicate numerous vulnerabilities by leveraging best-in-class technologies from vulnerability scanning to penetration testing and static code analysis. Veracode delivers unbiased proof of application security to stakeholders across the software supply chain while supporting independent audit and compliance requirements for all applications no matter how they are deployed, via the web, mobile or in the cloud. Veracode works with customers in more than 80 countries worldwide representing Global 2000 brands. For more information, visit www.veracode.com, follow on Twitter: @Veracode or read the Veracode Blog.

[ InfoTech Spotlight's Homepage ]