The most widely used and effective means to infiltrate a data processing system is spearphishing. Trend Micro recently reported that over 90% of targeted attacks use spearphishing to infiltrate systems. The core of spearphishing is social engineering – the attacker using his own human experiences and dishonesty to trick other people. In spearphishing, the victim is tricked using email. As a non-cyber example of how easy it is to fool people, Frank Abagnale, Jr., the conman portrayed in “Catch Me If You Can”, related this story in a recent interview with the Minneapolis/St. Paul Business Journal:
“I was sitting at the airport and saw all these people putting money in a bank night box. … The next night I rented this bank guard’s uniform from a costume store, stood in front of the box and put a sign on it: ‘Out of Order.’ Everybody handed me the money! Not one person said, ‘Now how can this be out of order? It’s just a box.’”
This is a startling example of how little attention people pay to the routine activities of their daily lives. That inattention is the vulnerability exploited by spearphishers. You can learn more about how easily the human mind is fooled by email by reading “Why Do People Get Phished?” by Dr. Arun Vishwanath of the State University of New York, Buffalo.