Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
F-Secure has warned that hackers are using instant messaging applications in an attempt to snare personal user log-ins, whilst Sophos has demonstrated the ease with which personal information can be obtained.
F-Secure said that hackers are exploiting messaging apps to ask users about some photos. Messages appear to come from a friend and say: "Are you sure you didn't post these photos?"
A link in the message leads to an official looking website where the photos can be seen. Access to the bogus site requires the user's MSN log-in details, which are then harvested by the fraudsters.
"Let's not forget to be careful on IM, that other favourite medium for spreading social engineering links," said Choon Hong, a web security expert at F-Secure, in a blog post.
Meanwhile, Graham Cluley, senior technology consultant at Sophos, has just published the results of an experiment designed to illustrate the ease with which social engineering attacks can be launched.
Cluley and Carole Theriault, another senior security consultant at Sophos, took to the streets of Bristol armed with a video camera and a flimsy excuse to harvest some personal information.
The pair found that in most cases people were happy to give up their names, date of birth and email address, all of which could be used by criminals to steal an identity.
"Only one person refused to give us any personal information at all. Everyone else at least gave us their name, and most gave us their date of birth and email address. Our feeling was that, if we had engineered our questions and spent more time with each 'victim', we could have probably ascertained their address," said Cluley in a blog post.The security expert advised individuals and businesses to be more careful with personal information."It's not just a personal problem, of course. Businesses and organisations also have a responsibility to look after sensitive information and ensure that it isn't exposed and doesn't fall into the wrong hands," he said.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.