How Social Engineering Baiting Plays on Curiosity and Greed.
Social Engineering Baiting is very similar to Phishing but distinct in it’s method. Whilst phishing are emails from seemingly respectable companies trying to get your passwords and other sensitive data from you, ‘baiting‘, is the ‘art‘ of curiosity arousal and enticement!! ‘Smishing‘, additionally, is the evolution of email fraud.
We will now cover the following in detail to help you recognize this clever and really dangerous online scam:-
- First and most importantly – what is Social Engineering anyways?
- Social Engineering Baiting, will be referred to as ‘baiting’ forthwith for the sake of expediency, defined.
- Phishing will be defined in a little more detail to exaggerate the difference to avoid confusion between the two.
- Scenarios of baiting that you may or may not recognize.
- Protecting yourself and your family from baiting.
Social Engineering Defined.
When a Black Hat Hacker Operative™ (I totally just coined that! And, I Trade Marked it for a laugh!!), meaning a ‘low-life-scumbag’, savagely manipulates people into parting with highly sensitive personal data with premeditated intent to defraud his prey. Well, that’s my definition anyways – but it is accurate to it’s essence.
Definition of Social Engineering ‘Baiting’.
Definition:- Baiting is the scammers attempt to psychologically manipulate another through curiosity (offer) and greed (something for free) to obtain sensitive data for fraudulent intentions. A broad term with many variations of it’s application. Preferred mode of contact is via email. Extends to real world scenarios as well. Ultimately, it is the ‘promise’ of free services, item or goods to lure you into a trap.
Phishing:- When a scammer sets up a website to look like another, e.g. your own bank’s website, in an audacious attempt to ‘log’ your account details for the purposes of draining your account to pay for their life style.
The difference between baiting and phishing should be quite clear. Phishing comes as something ‘familiar‘ and ‘trustworthy‘. Baiting arouses your curiosity to entice you to investigate further and slaps you with something that is ‘FREE‘ = don’t get ‘greedy’. There is a price to pay far exceeding any free offer they could give you. I shall explain in the following examples.
Scenarios of Baiting through Social Engineering Online and Real World.
Email Baiting Trap.
You have just received an email from your local shopping (Tescos, for instance) store and, since you are a Club Card Holder, they are informing you of an Exclusive Special Offer! They continue to say that since you have accrued such a huge amount of points on your card they would love to show their appreciation by adding you to their ‘Tier 1 Customer Loyalty Class Program‘. The offer is simple:- Use your card right now to buy a few items so they can credit you with One Weeks Free Shopping not exceeding €100.00! The use of the card is for the ‘system’ to register you now.
OK! It certainly does ‘look’ like a Tesco Email – it could be any store – just using Tescos as an example. The link looks good at first glance. How could you not be curious and Let’s face it, its pretty exciteing to get something worth that amount for FREE!? A weeks free shopping would really help you out this week as well due to that pesky phone bill just landing on you door mat. WELCOME TO THE ART OF ENTICEMENT MY FRIEND!
Straight up exploitation of ‘greed’ through curiosity – we humans just can’t help ourselves lol.
You ‘click‘ the link. Looks like a Tescos website at first glance and, satisfied that the offer is real, you very happily submit your Credit Card details as you pay for you ‘fake-shopping’ – which, quite surprisingly (lol) – fails to arrive.
What Happened? You just submitted your card details to a site that just ‘logs’ all your sensitive data waiting for the scammer to view and exploit, SORRY – YOU JUST BEEN ‘BAITED’ AND SCAMMED! So easy happen as it does all the time.
So where does the ‘Social Engineering’ part come into play? Its just the psychological manipulation side of things. Let’s say I need your bank details because my new born baby (this is how low they can go) just got taken ill, whilst on holidays, to hospital and they won’t treat her, as, I just got mugged last night, hence, no card or money. You come across this story online or email and you are taken in. You send money – DONE! Scammer played on your sympathy for his daughter – emotional manipulation – through a ‘social’ medium. Let me give a real life example I experienced below.
Qoura.com – Side-Line Story.
I came across a story, really quite heart breaking, some time ago. A gentle man in Nigeria had put up a post with a picture holding his beautiful daughter. He said he just ran out of the very last tub of baby formula and didn’t know where he was going to get the money to buy more. This really impacted me at the time, and, still does at the thought of it.
I responded by saying how broke I was this week but told him to stay in touch and would happily send what I could next week to help him out. NOW – this could be real or it could be a SCAM! Do you see what I mean now – Social Engineering Baby!!
I slowed down and thought.hold on, I know a guy from Nigeria. He told me it is built up and not like the ‘starving-baby-adverts‘ we are exposed to all the time in the Western World, which in his own words, ‘pisses him off’. Genuine or not, this could have been a harsh lesson for me.
Incidentally, the man got back to me and said he was fine now and didn’t expect the overwhelming support he received. I guess, he was telling the truth after all – but you get my point I am sure, you just never know….
If you were in my shoes, would you have sent this guy some money if he had accepted you offer of help? Let me know in the comments what you think about this.
Real World Baiting.
Let’s say:- your in the center of some built up area, as always, there is a ‘hoard’ of OTT happy sales people trying to ‘sniff-out-the-weaklings‘ and sell you some shh. – ‘stuff‘. You misjudged the timing of your look or trajectory of your walk and before you know it you are getting worked on by ‘Sandra‘ – from ‘Techno Sales Inc’ – who’s so annoyingly happy you just wanna stamp on her toes!!! ARRGGG!
Once Sandro fails to get your bank details for an ‘online’ service she very pleasantly offers you a FREE USB STICK for your time. Well, she was doing your head in a bit, so, you feel you deserve something for the torture. You take it and say thanks, or, you just take it.
Once home, at some point, you find a need for this stick. You whoop into you device and start using it (whoop). Unknown to you though it has just downloaded a Key Stroke Logging Software! Whoops…
Hard Luck Son/Madam!
If you are a ‘Madam‘, then, here is probably what you did over the course of a week – with the extra software monitoring your every graceful keystroke:-
- Checked ‘your’ online Bank Balance.
- Paid for your weekly shop online.
- Paid house bills online.
- School fee’s paid online and other additional paraphernalia for the kids.
- Canceled your partners over priced subscription to something he lives for. – relax, it’s a joke.
- Logged into every social media platform ever invented or yet to be invented – that’s not a joke. (LOL!). Chatterboxes!
- Worked very hard on building your website and earning the highest commissions at Wealthy Affiliate to provide a better quality of life for your family. Otherwise, – you can sign up here at Wealthy Affiliate – Home of Affiliate Marketing Online.
If you are a ‘Dude‘ – What’s up? Here is what you probably did over the course of a week:-
- ….’crickets are singing…
- ! I give up!
OK, on a serious note here is probably what you did:-
Ultimately, the software is/has recorded passwords to what ever it is you logged into. Now they have enough data to create their own online bank account, in your name of course, and deplete whatever good credit you have on sending their kids to Harvard. Least you help the children though….silver lining anyone? Lol. Just be careful.
Key Points and Conclusion.
- If something online is free then, as a Golden Rule of Thumb, it ain’t ‘free’! You WILL pay for it far exceeding the actual value of the ‘free’ goods, item or service baiting you into a nightmare of fraud and deception.
- Watch out for spelling errors in the email that is trying to get sensitive data out of you – Bank Details – by placing your cursor over the link and looking to the bottom left of your screen. Here you will find the truth i.e. if it’s legit then it’ll give proper website name. If it is not legit then it will show a dodgy looking monstrosity of a link, in which case, click it! (just kidding – DON’T CLICK IT!!).
- Don’t respond to unknown senders – DELETE SUCH MAILS AUTOMATICALLY!
- Take up Yoga so your chances of being scammed online are reduced due to being online less. Look, it does make sense, somewhat.
If you were paying attention, I more than subtly alluded to an online offer work from home opportunity. Click any one of the fancy links below to find out more. There is a special offer for your first month’s Test Drive as well. But only through my post this offer comes to by.
Lastly, go ahead, and leave me a comment. I would dearly love to hear from you regarding stories, or experiences, you have had online, or maybe you want to make a suggestion for something for me to investigate? Just let me know and I will always get back to you.