Social engineering is nothing new.
In 1849, Samuel Williams, the original "confidence man," as the newspapers named him, engineered gullible strangers out of their valuables simply by asking "Have you confidence in me to trust me with your watch until tomorrow?" Through the late 19th and early 20th century Joseph "Yellow Kid" Weil ran a variety of scams, including conning Benito Mussollini out of $2 million by selling him phony rights to mining lands in Colorado. And of course in the 1960s, Frank Abagnale, subject of the movie Catch Me If You Can, made a living faking identities and passing bad checks.
While technology has made some kinds of fraud more difficult to commit, it's created all sorts of new opportunities for adaptable fraudsters. And even the very strongest security technology can be overcome by a clever social engineer. That's part of the reason security awareness training for end users is so essential.
"Executives 'get it' right away," says Wombat Security president and CEO Joe Ferrara, about awareness training. "The people who are harder to convince are...the die-hard technologists who don't want to leave [anything] in the hands of the user."
So for you die-hard technologists out there who need convincing, here are a few examples of social engineering prevailing over security technology. A few are my own personal favorites, and a few are Ferrara's, who will be presenting a session on the topic at the Interop Las Vegas conference.