Social engineering attacks: Highlights from 2010

Several high-profile security incidents took place because of well-played social engineering attacks. We look back at four headline-grabbing moments in 2010.

There were some disturbing results from a capture-the-flag-style contest held at this summer's DefCon security conference. The CTF exercise—called "How Strong Is Your Schmooze?"—was an attempt to raise awareness about social engineering, the manipulation of people in order to commit a crime. It challenged contestants to attempt to extract (in an ethical and legal way) information about target companies that could be used for a hypothetical attack.

Contestants made 140 phone calls to employees at target companies seeking information. Almost all gave the callers the information they were looking for; only five employees did not. And 90 percent of targeted employees opened up a URL sent to them by contestants—even though they really didn't know the person who had sent it. The numbers reveal social engineering is a huge problem for all organizations, said Chris Hadnagy, who organized the contest.
