It happens every day, several times a day: An end-user opens an email attachment or clicks on a URL in an email thinking it's legit -- or just out of curiosity -- and boom, malware infects his or her machine, and the attackers get a foothold into the victim's corporate network.
Duping users is just too easy, and that's what makes social engineering so pervasive and dangerous. Most cyber espionage campaigns and financial-stealing malware attacks start with a clever, and sometimes ridiculously simple, phishing email, which ultimately leads to a major data breach.
Chief human hacker Chris Hadnagy, a social engineering expert and author from Social-Engineer.com, sees these scenarios play out every day while working with corporate clients to help them prevent their users from falling victim to these attacks. Hadnagy also hosts the annual Social Engineering Capture the Flag contest at DEF CON, which this year focused on retailers -- particularly employees at some of the nation's biggest big-box stores (including Home Depot) who gave away troves of potentially sensitive information to cold-callers posing sometimes as the IT department.
[Famed annual contest reveals how many retailers lack sufficient defenses against social engineering. Read Home Depot, Other Retailers Get Social Engineered.]
Hadnagy joins Dark Reading Radio on Wednesday, October 1, at 1:00 p.m. New York time (10:00 a.m. in San Francisco), to talk about the latest social engineering ploys, including those used in the Social Engineering Capture the Flag contest at DEF CON. Hadnagy will explain how his firm works with clients to protect themselves against social engineering and will also provide a postmortem of the DEF CON contest, where Home Depot was among the most socially engineered targets.
Join us tomorrow for the show, which includes a live online chat, where you can ask Hadnagy your social engineering questions. Just register here.