tricky…

A comment at Bruce Schneier’s blog regarding phishing and Harry Potter fans has a fairly plausible point, and I can easily see avid Harry Potter fans (the majority of which I’m assuming are fairly young) clicking on links that promise spoilers, downloads, notification of new content, etc, but instead deliver malware. The “beauty” of social engineering attacks online is that you just have to have an inkling about what people want, and somewhere, someone in the world will want it… and those who aren’t so keen or educated about security, like say… the young fans of Harry Potter, are bound to try and click.