These attacks are on the rise. They are also getting more effective by using ever more specific information about their victims.

The social-engineering attack someone tried on me last week was pretty crude – to me. It was probably effective on someone else. That’s what has me worried. This one was a phone call but it could have just as easily been an email or a website. The recorded voice said, “We’re calling from XXXX Bank with security concerns about your XXXX card. Please push 1 for more information.” I hung up and found out later from an article in the local newspaper that the next step would have been asking me to enter account information and all that other stuff I don’t want anyone to have.

This was the first brush, that I’m aware of, with a social engineering attack but I’m clearly one of the lucky ones. According to a new study, 48 percent of businesses surveyed had been victims of social engineering and had experienced 25 or more attacks in the past two years. The report, by security firm Check Point Software Technologies, said successful attacks cost victims an average of $25,000 – $100,000 per incident.

The thing that got me to hang up immediately was that I’m not a customer of that bank nor do I happen to have the card they were asking about. Only later did I remember my father-in-law telling me he had gotten a similar call the week before. If I’d been a customer of that bank, would I have remembered that or would I have fallen for it? The fact that it was a phone call was also working against the crooks in this case. It is hard to make a phone call look or sound official.
That’s almost certainly why the most common attack vectors for these attacks are phishing emails (47 percent of incidents, according to the study) and social networking sites (39 percent). We know the criminals were using a fairly generic set of phone numbers because it hit me, someone outside of their target audience. But that was a matter of dumb luck or dumb crooks. Pinpointing the right group is no harder for them than it is for an online marketer. Just as with the marketers, the more specific information these people use the more likely they are to “make their sale.”

Now I know that I pay more attention to security stuff than your average bear. So it’s pretty hard to get me to cough up info doing something like this – I hope. This has me wondering how much information would someone have to have for me to believe them? Whatever that amount is (and I do check all requests any which way I can) it is far more than it would take to gull most people.

For a long time I’ve worried about my elderly parents falling for something like this (though clearly my father-in-law is doing OK). I’ve talked to them about assuming any email or call is a con and only giving information if they can verify the request through another channel. And how to find that other channel?

Now I think I need to have that talk with a lot of other people, including a reminder talk with myself. But how do you do it with an entire organization? It’s hard enough getting them to even use a strong password.