Judging only from my personal experiences, I think one of the top contributors to social engineering attempts is online gaming. Countless times I’d be minding my own business playing a game, when all of a sudden a person will ask all sorts of information about me. Well, I know it’s common in online gaming to ask “where from?”, but when a person starts asking you for your name, age, Facebook info, e-mail, etc., then I become suspicious. Add to that the fact that there are many hacks / programs out there allow you to retrieve IP and ISP information from others on a server, and you’ve got a problem to think about. Then add to the fact all the ports you have open either for the game or other reasons.
I’m also well aware that a lot of these people who spend all day on an online game can be creepy. Many of them awe there just to make friends, some have mental problems, and some just want to release anger… Now, I’m not one to judge a person, but it’s a catch 22 when you ignore someones perceived friendship attempts because you have no way of knowing their intentions.
What do you guys think? Just out of curiosity, have any of you gamers out there experienced first hand phishing/ social engineering attempts on the servers you play?