Joan Goodchild

Most Recent Posts by Joan Goodchild

10 Hacks That Made Headlines

In our first Rogues Gallery, we looked at ten infamous social engineers -- con men who exploited human weaknesses rather than technical vulnerabilities.

But there have been computer and network hacks for, well, pretty much as long as we've had computers and networks. The motives behind these intrusions have ranged from curiosity to paranoia (see McKinnon, Gary), through today -- when most high-profile hacks are driven by either greed or some form of ideology.

Not Just April Fools: Best Social Engineering Movies

If you fall for a social engineer's trickery, it's embarrassing.

As long as it's happening to someone else, though, it can make for great cinema.

Hackers' Host Tells How it Protected LulzSec

On June 2, 2011, the antisec hacker group known as LulzSec launched a web site. Although they had been an active hacking group for several weeks, the creation of Lulzsecurity.com was their first official web presence other than the Twitter account they had been using.

Shortly after launching LulzSecurity.com, the group experienced a denial-of-service attack and the site was taken down. But within 45 minutes, they were back up and running again -- and they had created an account with CloudFlare, a cloud-based security and performance service for web sites. CloudFlare offers both free and commercial services, and LulzSec had signed up for a free account.

Facebook Users Flooded with Adult Images in Mystery Hack

For the past several days, many Facebook users have been seeing adult images in their news feeds that feature pornography, violence and animal abuse -- the result of what security analysts say is a mystery attack.

Some of the images include a Photoshopped picture of Justin Bieber in a pornographic situation and a bloodied, dead dog.

New Social Engineering Poll Reveals Which Scam Works Better

Which tactic works best for a scamming social engineer? Acting like an authority figure and requiring a victim to answer questions and give up sensitive information? Or acting like a nice, trustworthy person who strikes up a friendly conversation and just needs the victim to tell them a few things to help them out?

That was the question asked by the team behind the web site social-engineer.org. They have just released results of a several-months-long poll that laid out two different scenarios of how a social engineer might try to elicit information from a victim.

Security on a Shoestring Budget

According to figures released recently by Kaspersky Lab, 1300 IT pros were asked about IT risks and security spending. Among large companies, the average security budget is $3.35 million, according to Kaspersky's data.

To Michael Dent, CISO of Fairfax County Government in Virginia, this sounds like an incredibly huge amount of money. After all, he wanted to start his security program with just over $1 million. What he got was about one-quarter of that request.

5 Dirty Tricks: Social Engineers' Latest Pick-up Lines

You may now be savvy enough to know that when a friend reaches out on Facebook and says they've been mugged in London and are in desperate need of cash, that it's a scam. But social engineers, the criminals that pull off these kinds of ploys by trying to trick you, are one step ahead.

Social engineering attacks are getting more specific, according to Chris Hadnagy, author of Social Engineering: The Art of Human Hacking.

Mobile Device Security: Questions to Ask for Creating Policy

While 69 percent of organizations have employees using personal devices to connect to their corporate network, more than one-fifth, or 21 percent, currently have no policy in place to govern the use of personal mobile devices on their network. These new figures, released recently from security-products firm Courion, suggest many security leaders are still ignoring the need to address mobile-device management among their employees.

But according to Chris Silva, Senior Vice President, Research and Service Delivery at security firm IANS, having a mobile device policy in place is the most important step to handling the risk inherent to personal mobile-device use.

Many Employees Would Sell Corporate Information, Study Says

A survey of more than 3,400 employees in the United States, Great Britain and Australia finds corporate loyalty be damned, your company's data may be on its way out the door when certain employees resign or get laid off.

The research, conducted by Harris Interactive for security firm SailPoint, found a significant number of employees polled admitted to misusing company data; several in one part of the world even said they would be comfortable selling proprietary and sensitive information for profit.

Social Engineering: 3 Mobile Malware Techniques

Social engineers have been using various dirty tricks to fool people for centuries. Social engineering, the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques, is as old as crime itself and has been used in many ways for decades.

For the past several years online, social engineers have been trying to fool unsuspecting users into clicking on malicious links and giving up sensitive information by pretending to be old friends or trusted authorities on email and social networks.

IT and Security Can't Keep Up With Consumer Device Use

IT and security managers are slowly embracing the growing number of consumer devices, such as iPhones and iPads, that are being used by workers within their organizations, but many enterprises are still overwhelmed by the need to mitigate risk and support the devices. That is the finding of new research released Tuesday by Unisys Corporation. The study was conducted for Unisys by International Data Corp.

While similar research last year found enterprise IT departments were unprepared for the rapidly growing usage of consumer technologies in the workplace, according to the updated survey findings the "consumerization gap" appears to be widening as more organizations realize the trend is unstoppable and inevitable.

Twitter Scam Promises Followers -- for a Price

A scam that has been making its way around Twitter for some time has resurfaced recently and promises to increase a user's followers, but really gives control of one's account to a questionable third party.

The ruse begins by employing some social engineering with a tweet that says "I will follow back if you follow me" and includes a shortened link. The link then takes you to a web site that offers a service which claims it can round up hundreds, even thousands, of new followers on a Twitter account.
