The National Credit Union Administration is warning all Credit Unions about malicious hackers and a low tech attack by mailing branches CDs with malware on them.

Using a somewhat dated but still effective Social Engineering attack, a package designed to look as though it was mailed by the NCUA is sent to the branch. The package contains CDs with the attacker’s malware on it, and an accompanying letter (PDF) which informs the branches, ironically, about phishing scams. The letter directs the personnel to review the “training material” on the enclosed CD. Once branch employees proceed as directed, the malware is executed and gives the attackers access to the branch computer systems. Credit Unions seem to be targeted because they tend to be smaller local associations rather then larger banks with higher budgets for computer security.

When people think computer security, they usually envision high tech systems comprising of long passwords, expensive hardware, and updating software with the latest security patches. However, as famed social engineer and hacker Kevin Mitnick once said, “There is no patch for stupidity”.

[via threat post]

Hacks come in all forms, and psychological hacks are no different. [Noah Goldstein], a behavioral scientist at the University of Chicago, has written a book in which he details scientifically proven methods of persuading others. One of these methods stands out as being particularly useful at alleviating one of the most aggravating aspects of modern life: dealing with customer service representatives over the telephone.

The trick? Be nice, compliment the rep on doing a good job, and offer to write a letter of recommendation. Since it stands to reason that the customer service rep is probably having a crappier day than you (imagine having to talk to a hundred annoyed people five days a week and you’ll get the idea), making the rep feel appreciated is likely to make them want to do more for you in return.

[photo: brycej]

[via BoingBoing]