Social engineering attacks: Highlights from 2010

Several high-profile security incidents took place because of well-played social engineering attacks. We look back at four headline-grabbing moments in 2010.

There were some disturbing results from a capture-the-flag-style contest held at this summer's DefCon security conference. The CTF exercise, called "How Strong Is Your Schmooze?", was an attempt to raise awareness about social engineering, the manipulation of people in order to commit a crime. It challenged contestants to try to obtain (in an ethical and legal way) information about target companies that could be used for a hypothetical attack.


Contestants made 140 phone calls to employees at target companies seeking information. Almost all gave the callers the information they were looking for; only five employees did not. And 90 percent of targeted employees opened up a URL sent to them by contestants—even though they really didn't know the person who had sent it. The numbers reveal social engineering is a huge problem for all organizations, said Chris Hadnagy, who organized the contest.


An important chapter of the Wikileaks saga that got so much attention in 2010 involves social engineering, according to Hadnagy. That's because the leaks to Wikileaks founder Julian Assange started with a sneaky ploy to gather government information.
