Written by: 7/5/2011 12:43 PM
Kids do it. Adults do it. Everyone does it. We find lost items that don’t belong to us, keep them, and use them without much thought as to where they may have come from—or where they might have been. Finders, keepers—right?
Or how about “one man’s trash is another man’s treasure?”
In the recent instance of the Department of Homeland Security, perhaps “curiosity killed the cat” is most appropriate.
The DHS recently planted several USB drives and CD-ROMs in a facility parking lot to see how many people would pick them up, plug them in, and spread the virus they contained. Not surprisingly, 60% of the people who nabbed a fallen disk plugged it right in and downloaded the malware onto their work computer.
Now, perhaps some of these folks were just being helpful, with every intention of returning the disk to its rightful owner as soon as he or she could be located.
But mostly, everyone is just curious. And everyone likes finding treasure. And everyone loves something for free. It’s human nature—and just the kind of thing that social engineers know, understand, and use to their advantage. If a malicious attacker had used this very same technique in this very same parking lot, a lot of people could be in a lot of trouble right now.
The article goes on to give details about how to best deal with a found USB drive, but I think the general point really goes deeper. Social engineers know human nature and they know how to exploit it—not only with dangling USB carrots but also through appealing or terrifying phishing emails or persuasive language on a pretext phone call.
Don’t fall for it! Trust your instincts, report anything that seems “off,” and remember that if it seems too good to be true, it probably is.
And by all means, put down that fun size candy bar you just found in a drawer in the office supply room. It may not be treasure after all.
Read more here: http://lifehacker.com/5817765/open-found-usb-drivescd+roms-with-a-virtual-machine-to-avoid-malware-attacks