Wednesday, March 15, 2006

Social Engineering: Because There Is No Patch To Human Stupidity

We must never forget that the human being is always the weakest link in a security system, not the technology itself. SecurityFocus just published this great article explaining how social engineering has evolved over the past few years. If you don't know what social engineering really is, it is the art of obtaining confidential information by manipulating legitimate users over the phone, online, and even in person. No medium is really safe from these guys, so watch out!

"Historically, the motivation has been intellectual challenge, bragging rights, access to sensitive information, simple curiosity, or our biggest fear - malicious intent. By knowing why we are at risk, we can better protect ourselves from the foolish things we do, thereby allowing social engineers to exploit us."

If you want to read further on this subject, Kevin Mitnick, a renowned and reformed hacker, has published an excellent book presenting different scenarios where social engineers have manipulated users to gain access to confidential information.
The Art of Deception: Controlling the Human Element of Security is written like a novel, so reading it is both entertaining and informative. If you are in charge of security for your company, you should definitely buy this book. After reading it, you will be able to teach your users how to recognize a social engineering attack. It is your job after all, so do it!


