10.11.2012, von Hamish Barwick
The technique of using deception and manipulation to gain sufficient knowledge to dupe an unwary individual, employee or company into revealing personal information has the potential to be one of the biggest security threats in 2013 according to a security expert.
Gartner Australia research director, Rob McMillan, who is due to speak at the analyst firm's annual Symposium on the Gold Coast next week, told Computerworld Australia that social engineering has emerged over the last four years as a growing threat, especially for non-IT professionals who do not understand the techniques used by scammers.
For example, the long running Windows Event Viewer scam involves telemarketers calling people, telling them they have a virus and requesting the recipient's authority to run a Windows program called Event Viewer in order to fix 'so-called' bugs in the operating system. Other callers claim they can remove the virus for a fee and ask for people's credit card details.
According to research from Sophos, scammers have called people posing as a member of their company's IT department and named the person's boss in order to gain their trust.
"If you want to break into an organisation you would research that organisation and identify a few individuals that you want to target, than research them," McMillan said. "The reason why this is important is the need for stronger education and depth of understanding for non-security professionals who have access to important resources."