November 27, 2006 5:08 PM PST

Security from A to Z: You

You are the weakest link in the security chain, for the simple reason that it's easier to trick a human than a machine.

A system is only as secure as its users are security savvy. And when it comes to computers, something as rudimentary as a poor choice of password can create a flimsy door into a corporate network that even the most amateur of hackers can kick down.

But it's not just hackers who are breaking and entering. Online fraudsters rely on duping end users to perpetrate their scams.

roundup
The A to Z of security
Read the first part in our rundown of hot security topics, from antivirus to zero-day threats.

Phishing is a technique that relies exclusively on tricking humans. Phishers send e-mails spoofed to appear as if they come from reputable outlets, such as banks or e-commerce companies. The unwary reader is hoodwinked into handing over confidential info such as bank account details and passwords. This allows the fraudster to skip past security systems without the hassle of having to crack them.

Another online con relying on the credulity of human nature is the so-called "Nigerian 419" scam. Typically these scams originate as spam e-mail that tells a long and convoluted story about a vast amount of money stuck in some far-off African state, a share of which could find its way into your bank account if only you follow their instructions (which usually involve requests for personal details and some kind of "transaction fee").

Once someone takes the bait and replies to the original e-mail, the scam develops as the scammers attempt to cream off as much cash as they can by requesting advance fees. One 419er was so effective it took down a bank in Brazil.

And armed with your bank account details and a photocopy of your passport and driving license, it doesn't require a huge leap for someone to commit identity theft.

Other common security slips made by users include opening infected e-mail attachments and clicking on malicious links in spam e-mail. Human gullibility is not the only problem, however. The end user is even more of a security risk if they are acting with malicious intent. A Silicon.com analysis earlier this year warned businesses to consider threats "from within," such as employees with a grudge or those seeking to defraud the business.

The term for the criminal intent to "hack the human" part of the security chain is "social engineering." The techniques used vary widely, but the premise is to apparently offer something desirable to a large number of users (such as pictures of naked celebrities) in order to trick them into clicking.

Natasha Lomas reported for Silicon.com in London.

See more CNET content tagged:
bank, scam, hacker, security, phishing

4 comments

Join the conversation!
Add your comment
BE FARE TO NIGERIA!
WHY THIS ALL COMPLAININGS? EVERY PEOPLES THINK THEY CAN COMPLAIN ABOUT NIGERIA AND BLAMEING NIGERIA FOR ALL OF THESE MAILS! WHY IS THAT?

DON'T YOU KNOW THESE ARE ALL PART OF A PLOT AGAINST NIGERIA TO MAKE FOR NIGERIA A BAD NAMING. NIGERIA IS A BEAUTIFUL COUNTRY WITH RICH TRADITIONS LIKE THE NEW YAM FESTIVAL WHICH IS TO CELEBRATE THE DISCOVERY OF THE YAM IN AFRICA.

IF YOU WANT TO TALK ABOUT NIGERIA YOU SHOULD COME TO NIGERIA FIRST AND THEN TALK ABOUT IT OR AT LEAST TO BE ABLE TO COM TO SEE IT FOR A VISIT BUT SEPTEMBER IS A VERY GOOD TIME BUT NOT TO TALK WITHOUT SEEING. IS THAT CORRECT? NOW YOU DO.

BE FARE TO NIGERIA AND QUIT THESE COMPLAININGS. PLEASE! THEY HURT MY EARS.
Posted by AbediObi (1 comment )
Reply Link Flag
Stop shouting please
Read something about netiquette (This is actually a very old word). Besides everyone with brains can see that Nigeria has nothing to do with it. And since most people without brains don't read security posts, your point is pretty much useless.
Posted by Gino Deblauwe (25 comments )
Link Flag
Oy Vey!!!!
Your email sounds like the 15 emails a day I get from Nigerian scammers-- why do they all come from Nigeria? (Not sarcastic - truly interested in an answer) And why are people actually taken in by them? They are so obviously scams, mispelled, poor English, asking blatantly for money. Isn't this one of the most well known phishing scams on the web? I too wonder why they all seem to come from Nigera-- is it because Nigeria has a better i-net infrastructure? I am truly mystified, as I know all people in Nigera are not "scammers"
Posted by mcann1 (2 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.