Famous social engineering attacks: 12 crafty cons

Playing nice and doing what you're told makes you easy prey for con artists.

CSO > wolf in sheeps clothing / fraud / identity theft / social engineering
sirup / Getty Images

Human beings are essentially social creatures. We like to help one another. We generally defer to people higher up in the hierarchy than we are. We tend to trust that other people are honest, mean what they say, and are who they say they are, because questioning any of those things without good reason is rude.

Unfortunately, these social niceties can turn us into the weakest link in information security. Too often hacks result not from technical flaws but from what's known as social engineering: human beings allowing themselves to be convinced to let down their guard. Many of the techniques are as old as con artistry itself, but have been updated for the digital age.

Consider the social engineering attack examples below cautionary tales.

Kevin Mitnick's wild run

Kevin Mitnick was one of the most notorious hackers of the '80s and '90s computer age. His exploits were driven by curiosity, not profit, and social engineering was his superpower. Here's a classic Mitnick trick: in 1979, at the ripe old age of 16, he made friends with some hackers who had found the number for a dialup modem for the system that Digital Equipment Corporation (DEC) used for OS development, but they told him that it was useless because they didn't have an account name or password. Mitnick simply called the system manager at DEC, claimed to be Anton Chernoff, one of the company's lead developers, and said he was having trouble logging in; he was immediately given a login that provided high-level access to the system. (Mitnick, now reformed, is in the security consulting business.)

To continue reading this article register now

Microsoft's very bad year for security: A timeline