Scammers Use Social Engineering
Posted on | November 24, 2009 | 2 Comments
Scamming related to World of Warcraft largely depends on the principles of social engineering. From the scammer’s point of view, it is about gaining the victim’s trust. Trust is the key word: once you gain a person’s trust, you can make them hand out sensitive information that would otherwise be much harder to get.
Scamming people online is easier than scamming people in real life, because the scammer typically never comes face-to-face with the victim. While online, the scammer is also able to distance himself from his wrongdoings. By adopting various aliases, as in the case of kwaidan, the scammer is able to unlink his real self from his criminal alter ego.
If you are interested in learning more about social engineering, I suggest buying my book.
According to the Wikipedia definition, social engineering is broken loosely into the following categories:
1. Pretexting
2. Phishing
3. Baiting
4. Quid pro quo
I will try to explain how the different categories are related to the way most scammers go about conning people into giving out sensitive account information. I will mostly concentrate on those methods I have found to be particularly common in relation to online scamming.
Pretexting: Pretexting is defined as the act of creating and using an invented scenario to persuade a targeted victim to release information or perform an action. From a scammer’s point of view, pretexting is about shaping the way a victim views, understands and interprets the scammer’s actions. If I tell you I am an authority on something, you are more likely to believe what I am saying to be true. If I tell you I have done this many times before without ever encountering any problems, you are more likely to accept my future proposals. Why wouldn’t you? It has obviously worked for a lot of people before.
Pretexting is also used by scammers to shape a certain character. I’ve heard of cases in which the scammer took on the role of a father with kids. The scammer pulled it off so convincingly that most of his victims had no worries about handing over their account information. The scammer seemed so trustworthy and honest. The definition continues: “Pretexting can also be used to impersonate co-workers, police, bank, tax authorities, or insurance investigators — or any other individual who could have perceived authority or right-to-know in the mind of the targeted victim. The pretexter must simply prepare answers to questions that might be asked by the victim. In some cases all that is needed is a voice that sounds authoritative, an earnest tone, and an ability to think on one’s feet.”
Phishing: We’ve been over this one before. Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business—a bank, or credit card company—requesting “verification” of information and warning of some severe consequences if it is not provided.
Quid pro quo: Something for something. This is often a method used by middle men. The scammer will help you solve a problem and in return demand some sort of information. In relation to account trading, the middle man often acts as a secure link between a buyer and a seller. However, as witnessed so many times, the middle man often succumbs to temptation and abuses the trust confided in him. In other reported cases, the middle man will try to blackmail one side of the trade – typically once he has secured valuable information.
You can read much more about social engineering here. It will definitely open your eyes to the devious ways of a scammer. Through education we can hopefully bring down the number of victims dramatically.
Comments
2 Responses to “Scammers Use Social Engineering”
November 25th, 2009 @ 6:08 pm
Very useful stuff, thanks!
November 28th, 2009 @ 6:06 pm
Great post and awesome idea btw!
/Francis