Social Engineering – part 3 Social Engineering in Action


Having introduced the concept of social engineering and why is it important , it is not time to see some real examples of social engineering to realize how I can affect our lives and the way we perceive the world.

1-Con Men

A con man is described as one who swindles or misleads his victims through the use of a confidence game. Human nature leads us to naturally want to trust other individuals. Social Engineering is based on this principal and as an extension a Con Man is able manipulate this trust for personal gain. Most of the historically famous Con Men are (in)famous for their exploits involving money. Money seems to be a common thread with the vast majority of Con Men.
Examples of Famous Scams

Pyramid Scheme

Wikipedia defines a pyramid scheme as: a non-sustainable business model that involves the exchange of money primarily for enrolling other people into the scheme, often without any product or service being delivered. Another way it may be presented to people , it is can be called network marketing , although the idea seems convincing , most of the time they are just taking advantage of our Greed and hunger for easy money.
An example of this type of scheme and how devastating it can be is found in the story of Charles Ponzi and . Ponzi's con fame was so great that the pyramid scheme is now commonly referred to as a "Ponzi Scheme". Ponzi promised his early investors an almost unbelievable 50% return on their investments. He did this by taking money from new clients to pay back the originals. Ponzi was actually able to pay back the returns for his early tier customers but was not able to pay his new clients back.

Nigerian Scams

Wikipedia defines a Nigerian scam as: a confidence trick in which the target is persuaded to advance sums of money in the hope of realizing a significantly larger gain. The Nigerian scam is the most famous type of Advance Fee Scam today. These types of scams usually are perpetrated via the Internet because it is very hard to track the actual sources of the communication. These scams work by promising the victim a large return if only the spend a small amount of money up front to support a larger financial transaction.

Fake Lottery

Everyone is looking for easy money. Lottery scams are prevalent and still able to find victims. This scam is accomplished by sending emails or letters notifying potential victims that they have won the lottery in a foreign country. All that is required is a processing fee in order to obtain the huge sum of money that they have won. Victims will often send money to cover the processing fee even though they had never even heard of the lottery before the letter.


"In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication"

URL and Email Manipulation

One reason why phishing schemes work so well is that people tend to trust messages that appear to come from an important entity or look important. The attacker can easily manipulate a URL to look very close, fooling the victim to click on it. For example a URL like ( looks almost identical to ( if the font is right and the reader scans over it. By purchasing a domain that closely resembles the legitimate URL, the attacker sets up an email account and spoofs the website, requiring very little time and effort. This seemingly simple process fools many people into clicking the link and then being hacked.
Spear Phishing
Due to the success of phishing attacks, malicious phishers have developed spear phishing. Instead of sending out thousands of e-mails randomly hoping a few victims will bite, spear phishers target select groups of people with something in common and usually higher profile. The e-mails usually are sent from organizations or individuals the potential victims would normally get e-mails from, making them even more deceptive.

3- Politicians

Politicians are an interesting class of people when discussed in the context of Social Engineering. The public nature of their career not only requires them to use social engineering on a daily basis but it also opens them up to becoming victims of SE as well.
Many of the tasks that a Politician is required to perform lend themselves nicely to SE. It would seem that, in any country of the world , a person that is an expert in SE techniques would have a better opportunity at becoming a successful Politician than someone who is not. Many times during a Politicians career he/she is forced to implement many of the basic Social Engineering principles.
In the Next Article isa We will begin our Study of Social Engineering Methods , Starting with Part I : The Information Gathering

No comments:

Post a Comment