- [Malware] Social Graph: The Holy Grail of Actionable Intelligence
Attackers harvest email and social networking data to construct organizational social graphs, identifying connectors whose accounts could send social engineering messages, new "clueless" employees...
- [Encryption] Fun Ways to Change Behavior and Improve Security
Fun can act as positive reinforcement for security behaviors—more powerful than negative reinforcement. Ideas include rewarding badge swipes with jokes, entering users who choose complex passwords in raffles,...
- [Social Engineering] Attackers Are Attracted to Email Like Flies to Honey
Email contains business plans, credentials, and sensitive data that attackers harvest after compromising systems—either from local PST files or directly from Exchange servers. Mitigations include...
- [Social Engineering] How the Scarcity Principle is Used in Online Scams and Attacks
The scarcity principle—people place more value on opportunities that are less available—powers online scams: fake expiration countdowns, CAPTCHAs before malware downloads, and login screens blocking desired content....
- [Social Networking] When Bots Chat With Social Network Participants
Scammers use compromised social network accounts for malicious chats—currently with human operators, but increasingly with automated bots. Creating intelligent chat bots for Facebook is straightforward...
- [Social Engineering] Social Engineering in On-Line Scams: "Home Income Kit"
Online scams use psychological factors to lower victims' guard: greed (easy money), laziness (little work), social compliance (fake Facebook likes and comments), transitive trust (mimicking news...