Cybercriminals exploiting 'the human' to steal data

Criminals are increasingly using social engineering to collect personal data from social networking websites, data breaches and other sources according to McAfee.

Its recently released McAfee Security Journal threat report revealed that international experts and McAfee's Avert Labs saw the growing use of social engineering techniques, exploiting human mistakes and weakness rather than having to beat technology.

The Security Journal outlined four major global trends: that the depth of personalised attacks from social networking data would increase, socially-engineered spam would explode in numbers, stock scams would rise and there would be more malicious software which posed as security applications from trusted vendors.

"Cybercriminals are crafting attacks that are virtually impossible for computer users to identify," said Jeff Green, vice president at McAfee Avert Labs. "Phishing scams, e-mail attacks, Trojan horses, and other attacks are so personalised that even someone with the most watchful eye could fall for a carefully socially engineered trap."

As well as updating security technology, McAfee advised that users practiced safe computing and surfing, and to be wary about "too good to be true" offers that came through emails, IMs or social networking messages.

Green added: "It's an easy way for cybercrooks to make money and for spies to steal sensitive data."

McAfee said that in the last six months, scammers have increasingly targeted emotion and curiosity in attempts to steal information, such as with the Olympics, natural disasters and the US presidential election.