It happens every day, several times a day: An end-user opens an email attachment or clicks on a URL in an email thinking it’s legit — or just out of curiosity — and boom, malware infects his or her machine, and the attackers get a foothold into the victim’s corporate network.
Duping users is just too easy, and that’s what makes social engineering so pervasive and dangerous. Most cyber espionage campaigns and financial-stealing malware attacks start with a clever, and sometimes ridiculously simple, phishing email, which ultimately leads to a major data breach.
Chief human hacker Chris Hadnagy, a social engineering expert and author from Social-Engineer.com, sees these scenarios play out every day while working with corporate clients to help them prevent their users from falling victim to these attacks. Hadnagy also hosts the annual Social Engineering Capture the Flag contest at DEF CON, which this year focused on retailers — particularly employees at some of the nation’s biggest big-box stores (including Home Depot) who gave away troves of potentially sensitive information to cold-callers posing sometimes as the IT department.
via How To Hack A Human.