Every time I think about the Anna Kournikova virus, which today turns 10 years old, I think about David Perry and his famous story about one particular support call we received regarding a system infection. The customer was outraged, but not because of the infection. Instead, he wanted to know where he could find the picture of Ms. Kournikova! Apparently the infection was a secondary concern—the customer was upset because there was no picture at the end.
That’s social engineering at work!
Social engineering tricks have come a long way these past 10 years. The same users who used to be tricked by the Anna Kournikova email script are now much more wary of email messages coming from unknown sources. Now the battlefield is the Web, where the bad guys are trying to trick users into clicking bad links. Modern social engineering often includes the “You need this” and the “You might find this interesting” techniques, also called “imposition” and “curiosity.”
Imposition works by convincing the users that they are in need of something and they will get it by clicking a given link. This may be a security update, a video codec, or some other similar offering. This is often forced on the user by fear. (If you don’t get the update, you will get attacked by hackers!)
Curiosity, on the other hand, works by telling the users that what follows is interesting and they’ll like it. People love to discover new things and to tell their friends about them. (A prime example is the “watch this Angelina Jolie nude movie” spam run that we saw in 2008.)
Even though the delivery has changed over the years, social engineering attacks the very core of our human behavior; that hasn’t changed in 10 years and likely never will.
Did you know that the most visited post ever on this very blog is the one we mentioned above, referring to the nude Angelina Jolie attack from 2008? People just keep clicking the link from Google when searching for pics and videos of the actress.
And that’s why social engineering still works, 10 years after people first looked for Anna K.