Social Engineering - Christopher Hadnagy [12]
Realizing how malicious social engineers think, how scammers react to information, and how con men will try anything, can help people to be more aware of what is going on around them.
A team of security enthusiasts and I have scoured the Internet collecting stories that show many different aspects of social engineering. These stories can help answer a vital question—“how is social engineering used in society over time?”—and see where social engineering’s place is and how it is used maliciously.
Social Engineering and Its Place in Society
As already discussed social engineering can be used in many areas of life, but not all of these uses are malicious or bad. Many times social engineering can be used to motivate a person to take an action that is good for them. How?
Think about this: John needs to lose weight. He knows he is unhealthy and needs to do something about it. All of John’s friends are overweight, too. They even make jokes about the joys of being overweight and say things like, “I love not worrying about my figure.” On one hand, this is an aspect of social engineering. It is social proof or consensus, where what you find or deem acceptable is determined by those around you. Because John’s close associations view being overweight as acceptable, it is easier for John to accept it. However, if one of those friends lost weight and did not become judgmental but was motivated to help, the possibility exists that John’s mental frame about his weight might change and he might start to feel that losing weight is possible and good.
This is, in essence, social engineering. So you can clearly see how social engineering fits into society and everyday life, the following sections present a few examples of social engineering, scams, and manipulation and a review of how they worked.
The 419 Scam
The 419 scam, better known as the Nigerian Scam, has grown into an epidemic. You can find an archived story and article about this scam at www.social-engineer.org/wiki/archives/ConMen/ConMen-Scam-NigerianFee.html.
Basically an email (or as of late, a letter) comes to the target telling him he has been singled out for a very lucrative deal and all he needs to do is offer a little bit of help. If the victim will help the letter sender extract a large sum of money from foreign banks he can have a percentage. After the target is confident and “signs on,” a problem arises that causes the target to pay a fee. After the fee is paid another problem comes up, along with another fee. Each problem is “the last” with “one final fee” and this can be stretched out over many months. The victim never sees any money and loses from $10,000–$50,000 USD in the process. What makes this scam so amazing is that in the past, official documents, papers, letterhead, and even face-to-face meetings have been reported.
Recently a variation of this scam has popped up where victims are literally sent a real check. The scammers promise a huge sum of money and want in return only a small portion for their efforts. If the target will wire transfer a small sum (in comparison) of $10,000, when they receive the promised check they can deposit the check and keep the difference. The problem is that the check that comes is a fraud and when the victim goes to cash it she is slapped with check fraud charges and fines, in some cases after the victim has already wired money to the scammer.
This scam is successful because it plays on the victim’s greed. Who wouldn’t give $10,000 to make $1,000,000 or even $100,000? Most smart people would. When these people are presented with official documents, passports, receipts, and even official offices with “government personnel” then their belief is set and they will go to great lengths to complete the deal. Commitment and consistency play a part in this scam as well as obligation. I discuss these attributes in greater detail in later chapters, and when I do, you will see why this scam is so powerful.
The Power of Scarcity
The article