The reason why most people are'nt secure over the internet is that most of the attacks against individuals are non-technical and based on the human condition. The so-called social networks are an effective tool for the social predators as well, this was proved again by a quintessential social predator recently.

By posing as a female on Facebook, an 18-year-old male student was able to trick at least 31 male classmates into sending their nude pictures to him. Armed with these images, Anthony Stancl of New Berlin went on to blackmail them into meeting him to perform sexual acts. The extortion scheme happened from spring of 2007 through November, and involved victims as young as 15. If convicted, Stancl faces a maximum sentence of 293 years in prison.

Beyond the shocking nature of the crimes--compounded certainly, by the relatively young ages involved, such a case highlights the increasing ease by which criminals are able to perpetuate social engineering crimes from a purely digital medium. 

Certainly, it reminded me of an experiment conducted a couple of years back in which a fake user--masquerading as a frog--nevertheless succeeded in getting 87 out of 200 Facebook users he contacted to add him. The result is that information such as employer details, hobbies, as well as contact numbers and email addresses were made available to a complete stranger. Indeed, some firms have taken to blocking Facebook.

Whatever the outcome, the implications of this case for computer security in the enterprise are many, and there is no doubt that they bear closer examination. Ultimately, I believe that the enterprise needs to wake up to the very real threat of social engineering and start to make staff training against such attack vectors a matter of priority.

links:

http://www.theregister.co.uk

http://www.fiercecio.com