November 27, 2006 5:08 PM PST
Security from A to Z: You
A system is only as secure as its users are security savvy. And when it comes to computers, something as rudimentary as a poor choice of password can create a flimsy door into a corporate network that even the most amateur of hackers can kick down.
But it's not just hackers who are breaking and entering. Online fraudsters rely on duping end users to perpetrate their scams.
Phishing is a technique that relies exclusively on tricking humans. Phishers send e-mails spoofed to appear as if they come from reputable outlets, such as banks or e-commerce companies. The unwary reader is hoodwinked into handing over confidential info such as bank account details and passwords. This allows the fraudster to skip past security systems without the hassle of having to crack them.
Another online con relying on the credulity of human nature is the so-called "Nigerian 419" scam. Typically these scams originate as spam e-mail that tells a long and convoluted story about a vast amount of money stuck in some far-off African state, a share of which could find its way into your bank account if only you follow their instructions (which usually involve requests for personal details and some kind of "transaction fee").
Once someone takes the bait and replies to the original e-mail, the scam develops as the scammers attempt to cream off as much cash as they can by requesting advance fees. One 419er was so effective it took down a bank in Brazil.
And armed with your bank account details and a photocopy of your passport and driving license, it doesn't require a huge leap for someone to commit identity theft.
Other common security slips made by users include opening infected e-mail attachments and clicking on malicious links in spam e-mail. Human gullibility is not the only problem, however. The end user is even more of a security risk if they are acting with malicious intent. A Silicon.com analysis earlier this year warned businesses to consider threats "from within," such as employees with a grudge or those seeking to defraud the business.
The term for the criminal intent to "hack the human" part of the security chain is "social engineering." The techniques used vary widely, but the premise is to apparently offer something desirable to a large number of users (such as pictures of naked celebrities) in order to trick them into clicking.
Natasha Lomas reported for Silicon.com in London.
4 commentsJoin the conversation! Add your comment