Tag Archives: Social Engineering

SaveToby.com? Unbelievable!

I don’t know what’s funnier, that some guy made a website threatening to eat a “cute bunny rabbit” if he didn’t get $50,000 US before the 30th of this month, or that he’s made half of his goal so far in donations! As the folks at .NET Rocks mentioned, this has to be some psych major’s thesis project or something. I know this isn’t tech-related, but let’s turn this into a security-related issue.

The biggest security threat still open today is social engineering. I first heard this term ages ago reading The Cuckoo’s Egg (or some other related ‘hacker’ book). The concept is that you can use your wits, not just computer savvy, to gain elevated privileges. We have to do a better job at not falling for every little trick in the book. We have to be more alert. For instance, I received a bounced message in my inbox this morning. I do get a lot of these for several reasons and every now and again, I check them out if I get a lot of them. Looking at the message though, I could tell it wasn’t a real bounced message. It was a phishing scam. The reason why is that it pointed me to my domain with the opportunity to view the bounced message online. The link it pointed me to was using PHP and was in a subdirectory that didn’t exist on my hosting server (I run my own hosting business). This was rather clever, and I’m sure that a lot of these actually yield results.

So while SaveToby.com isn’t a security hole in itself, the concept of engineering a psychological scam on people is one. Be alert. Be vigilant. Be ready to watch a rabbit die now and again.