I just saw a great piece on CNBC about a security company called Trace Security and how they used a targeted phishing/social engineering scam to take complete control over a computer. Basically Jim Stickley of Trace Security sent webcams via snail mail to five of his friends and family members. The package included a letter explaining that they had been randomly selected to conduct a survey. The installation software had been modified so that Jim could take complete control of the user’s computer and the webcam itself. Jim could download keystrokes, cookies, files, data, take screen shots and control webcam images and video. Jim even modified the webcam to disable the light that would normally be turned on when the webcam was in operation.
In the video he calls up his brother-in-law, one of his ‘victims’, his brother-in-law said that he did not think anything of installing the webcam and running the software. He also said that he had no idea that any of it was going on until Jim actually called him on the phone.Trace Security
John "Mike" Wright