The Social Engineering Framework

The Social Engineering Framework is a searchable information resource for people wishing to learn more about the psychological, physical and historical aspects of social engineering. Please use the index below to find a topic that interests you.

Framework Sections

Section Articles

Crime Victims

By nature, people are trusting and want to believe in each other. This simple fact makes it easy for criminals to find victims. Exploiting human trust allows criminal enterprise to use social engineering tactics to steal from their victims.

Auction Fraud

eBay auction fraud appears to be commonplace. Common tactics include the seller canceling the auction but sending any bidders an email offering the item for “Second Chance” sale. They will then spoof an email appearing to be from eBay offering protections on the sale. This gives the appearance the transaction is taking place with eBay’s blessing. The victim will send payment and never receive the item.

Often times the victims have no idea that eBay had nothing to do with the sale. One victim was so trusting of eBay,  that the could not be convinced the email that appeared to be from eBay was not real.

Check Scams

The premise of check scams is the same but represented in different ways. A cashier’s check is sent to the victim who deposits it into their bank account and then sends a portion of those funds on to another person while keeping a portion for themselves. The cashier’s check is fraudulent and the victim has to cover the funds they thought they deposited.

One victim in this type of scam was recruited after he posted his resume on a well known job placement website. He received a job offer to become a “money handler”. His job was to receive mailed checks, deposit them into his account, keep 10% and send the rest to another person. When asked why the first person couldn’t send the check directly to the third person, the victim replied that the business was legitimate since it came from a reputable website. The victim refused to believe he was scammed and that it was just the first check that was bad.

Fake Lottery

Everyone is looking for easy money. Lottery scams are prevalent and still able to find victims. This scam is accomplished by sending emails or letters notifying potential victims that they have won the lottery in a foreign country. All that is required is a processing fee in order to obtain the huge sum of money that they have won. Victims will often send money to cover the processing fee even though they had never even heard of the lottery before the letter.

One victim of this type of scam was from Mexico, spoke very little English, and fell headfirst into a “Canadian Lottery” scam.

Common Traits

These example scams all have an element of social engineering to them. They make the victims believe something when the reality is completely different. They are all preying on a specific victim motivation. These cases are all about money, so the victim wants to get a good deal or earn the easy money.

Many of the victims want to believe that they are smart, careful, and able to identify when they are being lied to. They don’t want to admit to themselves that they were “stupid” and many victims don’t report the crime to law enforcement because they are embarrassed. The elderly and people who might speak another language are often targeted because it could be easier for the suspect to trick them and confuse them with false promises.

Education and Reporting

There are many things you can do avoid becoming a victim. First, remember the old advice, “If it seems too good to be true, it probably is”. Second, ask as many questions as you can. Don’t take whatever you hear as the truth. Find a second source to confirm if possible.

When you receive a phone call, don’t automatically assume the person is telling you the truth. Banks, the government, and many other corporations will never call you and ask you to verify account details. If you receive a call like this, hang up and call the institution back. Remember that caller ID spoofing is very easy and you cannot trust your Caller ID.

Additional Resources

Visit the following links to learn more: