Seven reminders of why technology alone isn't enough to keep you secure.

Sara Peters, Senior Editor

March 17, 2015

9 Slides

Social engineering is nothing new.

In 1849, Samuel Williams, the original "confidence man," as the newspapers named him, engineered gullible strangers out of their valuables simply by asking "Have you confidence in me to trust me with your watch until tomorrow?" Through the late 19th and early 20th century Joseph "Yellow Kid" Weil ran a variety of scams, including conning Benito Mussollini out of $2 million by selling him phony rights to mining lands in Colorado. And of course in the 1960s, Frank Abagnale, subject of the movie Catch Me If You Can, made a living faking identities and passing bad checks.

While technology has made some kinds of fraud more difficult to commit, it's created all sorts of new opportunities for adaptable fraudsters. And even the very strongest security technology can be overcome by a clever social engineer. That's part of the reason security awareness training for end users is so essential.

"Executives 'get it' right away," says Wombat Security president and CEO Joe Ferrara, about awareness training. "The people who are harder to convince are...the die-hard technologists who don't want to leave [anything] in the hands of the user." 

So for you die-hard technologists out there who need convincing, here are a few examples of social engineering prevailing over security technology. A few are my own personal favorites, and a few are Ferrara's, who will be presenting a session on the topic at the Interop Las Vegas conference.

About the Author(s)

Sara Peters

Senior Editor

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.


Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights