In my role as a Cyber Insurance broker, I often come across interesting and recurrent Social Engineering tricks used to separate victims from their money or information. Below is my list of “top six” tricks in the form of step-by-step instructions for would-be scam artists. I should probably note: please do NOT actually follow these instructions! That would be fraudulent. Instead, be aware that other people – dishonest people (unlike yourself) – might one day try them on you.
Step-by-Step Instructions for Social Engineers:
#1 Steal the Wallet but Not the Cell Phone
Step 1: Get into a purse or locker, look at phone to get the victim’s phone number
Step 2: Steal wallet with credit cards but not the phone
Step 3: Wait an hour or so for the victim to discover that the wallet is lost
Step 4: Call victim and say “This is the bank. We have detected unusual activity! Tell us your banking passwords and ATM PIN numbers and we’ll cancel your cards.”
Step 5: Use the information to steal even more money.
This trick puts the victim into a “crisis” mindset, in which they are susceptible to giving information to the friendly scammer trying to “help.”
#2 Turn People into Mules
Step 1: Steal the banking passwords from a big company
Step 2: Find people looking for jobs (they must live in the same state as the bank)
Step 3: “Hire” those people to do a special research project for a small fee, maybe $100.
Step 4: When the project is done, “pay” them by transferring a large amount (close to but not over $10,000) to them and telling them to go immediately to Western Union and send the transferred money, minus their “pay”, to an account out of the country
The key to this trick is that many banks won’t flag smaller, in-state transactions as requiring a phone-call verification from the account holder. This trick should be repeated over and over, and in as short a period of time as possible, ideally over a weekend. Of course, that would require recruiting a large number of “mules,” so in addition to assigning fake work projects, you can also fool sellers of goods on Craigslist by offering to pay above-asking prices for their goods in exchange for their receiving payment as described in Step 4.
#3 Carry a Walkie Talkie
Step 1: Put on an official-looking uniform and get a walkie talkie
Step 2: Get a friend to broadcast realistic sounds into the walkie talkie
Step 3: Pretend to be an inspector and ask to be let into victim’s house or business
Nobody ever questions a person carrying a walkie talkie.
#4 Pretend to be the IRS
Step 1: Spoof your phone so that the call looks like it comes from Washington DC (or says “IRS” on Caller ID) (note: I don’t have any idea how to do this).
Step 2: Find out as much as you can about your potential victim (address, names of family members, etc.)
Step 3: Call up and claim to be from the IRS. Give a fake “badge number”
Step 4: Use a forceful angry voice to tell the victim that they owe a late fee or additional taxes. Threaten to get the police involved.
Step 5: Offer to resolve the issue with a credit card over the phone
#5 Your Grandson is in Trouble!
Step 1: Look through random Facebook or Instagram accounts and find someone traveling far from home, ideally overseas
Step 2: Figure out the names of that person’s relatives, especially grandparents
Step 3: Call the grandparents and claim that their grandson is in trouble (jail, hospital) and needs money immediately by Western Union
Sometimes when this trick is used, the victim actually suspects that this might be a scam, but still sends the money anyway just in case it’s real and their grandson really is in jail.
#6 Feign Interest in a Hobby
Step 1: Go online to learn about people’s hobbies (cars, horses, movies, cooking)
Step 2: Reach out to them and discuss “shared” interests, build a “friendship”
Step 3: Never meet in person!
Step 4: Trick this now trusting person into sending money for an “emergency”
This is a particularly good technique for extracting information from people who have access to sensitive information, such as HR professionals or corporate officers.
Again, this list is designed for the honest people out there as a warning to keep a lookout for these tricks. As for actual scam artists, please kindly disregard this entire article.
To learn more, contact any of us at Propel Insurance.