Social Engineering
I received an email today, forwarded by a well-intentioned friend, that I knew instantly was a hoax.
We’ve all had them at some point: “Send this to Bill Gates and 20 friends, he’ll send you a million dollars”, for example. They may seem harmless, and the opinion is often, “well, I’ll forward it in case…” This kind of ‘too good to be true’ scenario is just that.
But why would anyone bother going to the trouble of starting this kind of chain mail?
Think about the bandwidth that gets wasted, let alone the time for people to click delete or the extra split-second to retrieve your email.
But more importantly, you are enabling thousands of personal emails (often including valuable information like a person’s workplace and telephone number) to potentially get into the hands of internet fraudsters.
Graham Cluley, senior technology consultant from Sophos, warned last year: ‘I would advise users intent on sharing these chain emails to check the website of the company apparently making the offer to determine its authenticity, before deciding to click the ‘forward’ button.’
Simple logical advice.
But this is just chain emails and, for most of you (I hope), preaching to the converted… What this led me on to was to consider some of the “harmless” apps that are available on sites like Facebook.
Remember the school yard “What is your pornstar name?” Let’s imagine there is a Facebook app that shows you my “pornstar name” and asks you for yours… Not sure what yours is? Well, it’s your mother’s maiden name and your first pet…
…hold on a minute…
…what would be two key security questions you might need to retrieve a lost password? How many profiles include an email address on Facebook? Combine the two by “allowing this application to access data about you” and an innocent app suddenly has very real and valuable information.
Social engineering is about exploiting your very human desire to share, in clever ways, to extract information about you and those around you.
The most successful viruses of recent times have been the simplest: sending an infected zip file with a title that entices you to open it. No amount of clever protection can save you from yourself!