If malware were biological, the world would be in the grip of the worst pandemic in history. In 2009, more than 25 million unique malware programs were identified, more than all the malware programs ever created in all previous years. No one need wonder what all that malware is trying to do: It's trying to steal money -- through data theft, bank transfers, stolen passwords, or swiped identities.

If the Internet is the new Wild West, then hackers are the wanted outlaws of our time. And like the gun-slinging bad boys before them, all it takes is one wrong move to land them in jail.

When it comes to social engineering attacks, larger companies attract more of them, and when they are victimized it costs more per incident, according to a survey sponsored by Check Point.

The latest social engineering trick to get victims to open malicious email attachments accuses them of being spammers and threatens to sue them if they don't stop.

Despite increases in the number and capability of botnets for distributed denial of service (DDoS) attacks, social engineering remains one of the largest cyber security threats to IT infrastructure according to the Australian Federal Police (AFP).

Social engineering, the act of tricking people into giving up sensitive information, is nothing new. Convicted hacker Kevin Mitnick made a name for himself by cold-calling staffers at major U.S. companies and talking them into giving him information. But today's criminals are having a heyday using e-mail and social networks. A well-written phishing message or virus-laden spam campaign is a cheap, effective way for criminals to get the data they need.

Most people lie, whether they're covering up something sinister or just embarrassed over a mistake. Research conducted a few years ago at the University of Massachusetts found that 60 percent of participants lied at least once during an observed 10-minute conversation.

Social engineering and mind games expert Brian Brushwood has not come by his knowledge in the traditional manner of school or business training. Brushwood is the host of the Internet video series Scam School, a show he describes as dedicated to social engineering in the bar and on the street.

Chris Nickerson is willing to push it about as far as a person can go when it comes to security assessments. The founder of Lares, a security consultancy in Colorado, Nickerson conducts what he calls "Red Team Assessments" for clients. He is paid to try and dupe a client, and the client's employees, to give them a clear picture of the weak spots in their security plan. He then advises them on how to shore up defenses more effectively in the event a real criminal comes knocking.