Security Through Education

A free learning resource from Social-Engineer, Inc

Home

The Social Engineering Framework

The Social Engineering Framework is a searchable information resource for people wishing to learn more about the psychological, physical and historical aspects of social engineering. Please use the index below to find a topic that interests you.

Framework Sections

Section Articles

General Discussion

Select a topic from the index below

Crime Victim

Nobody wants to become a crime victim. However,  by nature people are trusting and want to believe in each other. This simple fact makes it easy for criminals to find victims. Manipulating human trust allows criminal enterprise to use social engineering tactics to steal from their victims.

Auction Fraud

eBay auction fraud appears to be commonplace. Common tactics include the seller canceling the auction but sending any bidders an email offering the item for “Second Chance” sale. They will then spoof an email appearing to be from eBay offering protections on the sale. Or as the example below shows, inject fake pages into legitimate websites. This gives the appearance the transaction is taking place with eBay’s blessing. The victim will send payment and never receive the item.

Bayrob Gang

In December 2016, the United States Department of Justice indicted the Romanian Bayrob Gang on 21 counts of cyber fraud conspiracy. According the the United States Department of Justice, the defendants injected fake pages into legitimate websites, such as eBay, to make victims believe they were receiving and following instructions from legitimate websites, when they were actually following the instructions of the defendants. They placed more than 1,000 fraudulent listings for automobiles, motorcycles and other high-priced goods on eBay and similar auction sites.

Photos of the items were infected with malware. The malware, in turn, redirected computers that clicked on the image to fictitious webpages designed by the defendants to resemble legitimate eBay pages. These fictitious webpages prompted users to pay for their goods through a nonexistent “eBay Escrow Agent.” The “Escrow Agent, in reality, was simply a person hired by the defendants. Users paid for the goods to the fraudulent escrow agents, who in turn wired the money to others in Eastern Europe, who in turn gave it to the defendants. The payor/crime victim never received the items and never got their money back. This resulted in a loss of at least $4 million.

crime victims

Image: Symantec, slideshow app infected with Bayrob

 

Check Scams

The premise of check scams is the same but represented in different ways. First, a cashier’s check is sent to the victim. The victim then deposits the cashiers check into their bank account. Next, the victim sends a portion of the funds from the cashiers check to another person. However, in reality, the cashier’s check is fraudulent, and the victim has to cover the funds they thought they deposited.

One crime victim in this type of scam was recruited after he posted his resume on a well known job placement website. He received a job offer to become a “money handler”. His job was to receive mailed checks, deposit them into his account, keep 10% and send the rest to another person. When asked why the first person couldn’t send the check directly to the third person, the victim replied that the business was legitimate since it came from a reputable website. However, the victim refused to believe he was scammed, insisting it was just the first check that was bad.

Real World Example

Quincy Man Arrested For Using Counterfeit Cashier’s Checks to Defraud Victims, Including Law Firms

Fake Lottery and the Crime Victim

Everyone is looking for easy money. Lottery scams are prevalent and still able to find victims. This scam is accomplished by sending emails or letters notifying potential victims that they have won the lottery in a foreign country. All that is required is a processing fee in order to obtain the huge sum of money that they have won. The crime victim will often send money to cover the processing fee even though they had never even heard of the lottery before the letter.

Real World Examples

Jamaican-based Lottery Fraud Scheme
Lottery Scheme that Targeted Elderly Victims

Common Traits

These example scams all have an element of social engineering to them. They make the victims believe something when the reality is completely different. They are all preying on a specific victim motivation. These cases are all about money, so the victim wants to get a good deal or earn the easy money.

In general, people want to believe they are smart, careful, and able to identify lies. As a result, many crime victims do not report the crime to law enforcement because they are embarrassed. Another point to consider is that criminals will target the elderly, and foreigners because it’s often easier to confuse them with false promises.FraudAid