Friday, February 09, 2007

recognizing social engineering - part 1

randy has a timely post over on eset's threatblog about the likely event that anna nicole smith's death will be used by the black hats in a social engineering ploy... it's really a very classic example of how significant media events can be used to fool people into installing malware... as such i thought i'd take the opportunity to generalize a way of detecting some kinds of social engineering - not all kinds, mind you, this won't include HP's pretexting or anything like that, just a classic broad category that randy's hypothetical example falls into...

the sorts of emails that randy describes are those that would appeal to our idle curiosity - we don't care enough to go and look for the info or pictures but if those things come to us then our curiosity can be satisfied... at a fundamental level this boils down to the principle that if something seems too good to be true then it probably is... this is not to say that the death was a good thing, but having answers to questions you never asked (such as what are the details of a now dead celebrity) magically appear in your inbox without any effort on your part is just too good to be true...

emails promising racy pictures of anna kournikova are similarly too good to be true... then there are emails promising information about the recent storms in europe, also too good to be true... emails from microsoft with a critical security patch attached? too good to be true... emails with the subject line "i love you"? well the romantic in me doesn't want to admit it but with no evidence to the contrary it's probably too good to be true too... all of these are examples that have been used to spread malware...

good things don't just turn up in your inbox without you asking for them or searching for them or otherwise putting in some kind of effort to get them... the world doesn't hand us our every whim on a silver platter - that's basically what would be going on if things we were even mildly curious about just (supposedly) showed up in our inboxes for no good reason... so next time you're looking through your unread messages (or anything else, for that matter) and you get that "hmmm - that looks interesting" feeling come over you, think about the too good to be true principle and ask yourself if the object of your interest qualifies... ("if the bait looks obvious, don't take it")
