Social engineering (SE) has been largely misunderstood over the years, leading to differing opinions on what SE is and how it works in our daily lives. This has led people to view social engineering as simply lying to get free items or to obtain sexual gratification. Some also believe it is a tool used by criminals who rule the underground world, a theory that can be studied and understood like mathematics, or the work of a mystical illusionist who harnesses the power to perform powerful mind tricks.
Whichever view you hold, social engineering can be used for both good and evil. In layman's terms, social engineering is the ability to be a good actor and to lie to people in order to obtain valuable information.
Wikipedia defines it as “psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.”
Social engineering has largely been given a bad name by the plethora of “how to pick a chick” sites out there.
Webster’s Dictionary defines social as “of or pertaining to the life, welfare, and relations of human beings in a community.” It also defines engineering as “the art or science of making practical application of the knowledge of pure sciences, as physics or chemistry, as in the construction of engines, bridges, buildings, mines, ships, and chemical plants or skillful or artful contrivance; maneuvering.”
When you combine these two definitions, you can easily see that social engineering is the art or, better yet, the science of skillfully maneuvering human beings to take action in some aspect of their lives. Social engineering is used in our day-to-day lives. For example, doctors and nurses use social engineering to convince patients to take particular actions that are best for them, while con artists use it to convince individuals to make decisions that result in a loss for them. The goals may differ, but the approach is very similar.
Social engineering in our society.
The 419 Scam:
The 419 Scam, also known as the Nigerian scam, has gained widespread popularity across the world. The approach starts when an email is sent to the target describing a very lucrative deal he could pocket if he helps the sender transfer a large sum of money from a foreign bank. After the target agrees to help, he is asked to pay a small fee. Another problem is then reported and the target is asked to pay another fee. Each fee is presented as the last and final one, but the requests continue for months, causing the target to lose thousands of dollars.
Over the years it has been reported that official documents and face-to-face meetings are also used to make the social engineering technique more convincing. The real success of the 419 Nigerian scam is that it plays on the greed of the target: who wouldn’t want to make $100,000 with just $1,000?
When targets are presented with official documents, passports, receipts, and even official offices with “government personnel”, their belief is set and they will go to great lengths to complete the deal. Commitment and consistency play a part in this scam, as does obligation.
The Scarcity Scheme:
This is another great social engineering technique, in which targets are told that a product is scarce and that to get it they must comply with a particular set of actions. A great example of this was when food was used to win an election in South Africa. When a group of people decided not to support a particular leader, foodstuffs became scarce and people started losing their jobs, which were given to more supportive members. When people noticed the trend, they started falling in line.
This technique is very malicious and one we must all learn from. It shows that people will do anything if they believe those actions will lead them to acquire scarce commodities and services.
This is a very malicious and hurtful form of social engineering, but nonetheless, one to learn from. It is often the case that people want what is scarce and they will do anything if they are led to believe that certain actions will cause them to lose out on those items. What makes certain cases even worse, as in the earlier example, is that a government took something necessary to life and made it “scarce” and available only to supporters—a malicious, but very effective, manipulation tactic.
DarkMarket and Master Splynter:
In 2009 a story broke about an underground group called DarkMarket—the so-called eBay for criminals, a very tight group that traded stolen credit card numbers and identity theft tools, as well as the items needed to make fake credentials and more. An FBI agent by the name of J. Keith Mularski went under deep cover and infiltrated the DarkMarket site. After a while, Agent Mularski was made an administrator of the site. Despite many trying to discredit him, he hung in for more than three years as the admin of the site.
During this time, Mularski had to live as a malicious hacker, speak and act as one, and think as one. His pretext was one of a malicious spammer and he was knowledgeable enough to pull it off. His pretext and his social engineering skills paid off because Agent Mularski infiltrated DarkMarket as the infamous Master Splynter, and after three years was essential in shutting down a massive identity theft ring. The three-year social engineering sting operation netted 59 arrests and prevented over $70 million in bank fraud. This is just one example of how social engineering skills can be used for good.