Last week we discussed ways to avoid non-Internet related hardware and software problems. This week we’ll start a discussion around how international criminals use “Social Engineering” techniques on the Internet to line their pockets, torch your PC and ruin your life.
“Social Engineering” is a term that has been co-opted to describe a genre of Internet exploits aimed at defrauding innocent users. Up until the Internet revolution, “Social Engineering” was used to describe how Governments use policy and legislation to create change in society. Probably the best examples of Government “Social Engineering” are the series of postwar welfare programs exemplified by Lyndon Johnson’s “The Great Society.” These well-intentioned policies were meant to morph undereducated, marginally productive poor folks into happy, well-adjusted, educated and productive middle class families. Instead these welfare programs created generations of unproductive, ill-educated, broken families captive to the crime-infested inner city ghettos that provide the government handouts to which they became addicted. Government “Social Engineering” efforts often result in unfortunate albeit unintended consequences. Internet “Social Engineering” lacks the innocence of good intentions. Its unhappy consequences are deliberate.
Modern Internet “Social Engineering” exploits are varied, sophisticated and effective. There is something for everyone. The techniques are designed to use our own human frailties and biases to make us take action that benefits the perpetrator at our own expense. Whether by nature you are greedy or generous, suspicious or trusting, thoughtful or reckless it doesn’t matter. The bad guys have an exploit designed to fit your particular biases. All they need to do is find a way to get their story in front of you.
One way they do it is to broadcast their scam to everyone on the WWW. The Nigerian Bank Manager scam has been around the Internet for twenty years. We see a variation a couple of times a month. They ask for your bank account number so they can smuggle millions of dollars out of Africa. As a reward you get to keep a few million for your trouble. How could anyone fall for it? Most folks don’t. But if they send out a million requests each week and only one person out of a thousand responds, they get a thousand new victims.
It’s much easier if they can narrow their target and fine-tune their “pitch” to potential victims. That’s why Internet privacy is such a big deal. Internet companies sell their customer contact information. Browsers track your surfing patterns and sell your information. Everywhere you go, everything you buy, every donation you make and all the personal data you post on social media can be consolidated to create an accurate profile of your preferences, biases and fears. Psychologists use this information to create a demographic group made up of you and people like you. Their criminal clients are then able to “phish” for you with exactly the right bait.
Each week we see several examples of “phishing” exploits. Some are sad, some are hilarious, but they all have one thing in common: they rob users of time and money. Next week we’ll continue the “Social Engineering” discussion with some highly entertaining examples from our experiences here at The Computer factory.