Social Engineering

Money for Nothing…

…no promise of chicks for free, but I did get spam this morning offering me a “Free-Trial kit” for some scheme for “making money through the Internet by doing almost nothing” (probably some sort of pyramid scheme, I guess, updated with a reference to using Google). While I’m not about to take up the offer, I

…no promise of chicks for free, but I did get spam this morning offering me a “Free-Trial kit” for some scheme for “making money through the Internet by doing almost nothing” (probably some sort of pyramid scheme, I guess, updated with a reference to using Google).

While I’m not about to take up the offer, I always appreciate a sharp piece of social engineering. On this occasion, the main hook was that the “sender” (who knows who really sent this thing out?) had tried out the kit “herself” when worrying about impending redundancies in her day job. As it happens, this ties in rather nicely with something someone asked me about earlier in the week. Earlier in the week, Richard Adhikari published an article about a reported increase in financial scams where the current recession (well, where I am it’s now officially a recession…) is used as a hook to scare potential victims into falling for a scam.

Much of that article focused on 419 scams. Advance fee fraud (especially 419s, i.e. lottery scams, job scams, and please-let-me-give-you-some-of-Saddam-Hussein’s-fortune type scams) is certainly prevalent, and some of it does seem to be a little more professional than it was. In fact, some 419 gangs have always been quick to seize on topics of current interest and twist them into a scam, and while the language and presentation has tended  to be stereotyped and instantly recognizable to the experienced eye, they’re clearly still enjoying a lot of success.

But my impression is that phishers, stock-fraud gangs and mule-recruiters have been at least as adept at exploiting the current economic uncertainty, and have also polished their presentation skills. They also make more far more use of technology (drive-by exploits, malware…) where 419-ers are still largely reliant on social engineering (or old-fashioned conning…) rather than technology.

What is for sure, though, is that what is being reported (and I’m certainly seeing) is a logical development: a  scammer with a brain and no heart is likely to seize upon an issue like global recession that affects (and frightens) everybody, and use it to bait his hook. What’s more, I think we can assume that this particular hook will remain in use as long as there’s a recession to exploit. However, scammers of all persuasions will climb just readily onto any other high-profile bandwagon that comes along.

While I don’t know whether scammers in general target their intended victims very specifically at the moment (419-ers certainly don’t seem to, usually), my guess is that their best “markets” at the moment will be (1) people scared of future crashes, redundancies etc. trying to future-proof their finances by various forms of investment (2) people who’ve been badly burned but have enough capital left to try something new.

There has been very specific targeting of potential victims in terms of intelligence hacking for some years now, and it seems logical that as the general level of public awareness of phishing scams and the like slowly rises, scammers will consider ways of improving their targeting and ROI. This is in accordance with the general “professionalization” of cybercrime in recent years, which makes increasing use of the same business models that legitimate businesses do.

David Harley
Director of Malware Intelligence

To Top

Pin It on Pinterest

Share This