UC Berkeley carried out a social engineering attack (actually more of a prank) against the rival USC basketball team. The attack included: a star basketball player, a (ficticious) young lady named Victoria, and some Instant Messaging. Pretty easy and pretty funny.
This story may not seem to have anything to do with securing your PC, but social engineering attacks are (what I believe to be) one of the most common ways a computer user can infect/compromise/divulge/risk their computer/credit card numbers/identity.
- What is a phishing attack? It’s social engineering someone to divulge personal information through confusion, misrepresentation.
- How does spyware often get installed? A user (or even a child wanting
smileys is tricked or enticed to visit a website providing the
spyware and is either hit with a drive-by download or downloads something that seemily safe that *also* contains spyware.
- How does email bourne malware spread? A user gets an attachment from their friend (a name they recognize, just like a phishing site they recognize) and they end up clicking it — bam, they’re infected.
There are many kinds of social engineering, the attack on a USC basketball player shows just how extensive the variations are.
Go read the UC Berkeley attack on USC.
Wikipedia definition: Social Engineering