Sophos warns hackers are still playing at social engineering

2 Jun 2009

Hackers are still using social-engineering techniques to trick email users into opening their corporate networks up to Trojan Horse attacks, if a fake UPS email is anything to go by.

But why do hackers still believe social engineering works, and should people not have wised up to this by now?

Sophos expert Graham Cluley said that business email users have been bombarded over the weekend by spam, most often purporting to be from UPS saying it was unable to deliver a package on 14 May because the recipient’s address was wrong.

But attached to the email is a file containing a dangerous Trojan Horse virus called Troj/Agent-KBE.

“We’ve seen similar attacks on many occasions taking advantage of the names of shipping companies such as UPS, FedEx and DHL.

“What is perhaps alarming is that the hackers still seem to think it’s worthwhile using this trick to bust their way into innocent users’ computers. Shouldn’t we all be wise to this kind of social engineering by now?” Cluley asks.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years.