PC World — When a eBay suffered a massive data breach a few weeks ago, most of the attention revolved around the compromise of passwords and the vulnerabilities in the sites security. While those are legitimate concerns, they obscure the most glaringly weak link in the security chain: people.
Indeed, it was not a sophisticated exploit that facilitated the eBay breach, but an old-fashioned con. Its been determined that as many as 100 eBay employees were likely victims of a social engineering scheme: an attack where the perpetrators arm themselves with enough information to pass themselves off as a known and trusted individual or organization and convince the victim to reveal valuable personal informationin the case of the eBay employees, their logins.
Thats actually not surprising. When I recently asked a number of security experts to weigh in on innovative new attacks we should look out for, I was told the most concerning trend couldnt be remedied by patching and updating applications or thwarted by your security software.