Identity Theft: Social Engineering

How easy is it to steal someone’s identity? How exactly do the thieves get your private information? It’s much different than most people believe. One of the biggest problems is that law enforcement is doing literally nothing to contain this worldwide problem. The answer is not in governmental Internet control, regardless of what they think.

I know many bloggers and site owners who are afraid to use their real names and pictures on the Internet, fearful their information may help out the criminals. I totally disagree with that. If you wish to protect your anonymity, do it for other reasons, not because you’re afraid of being violated. To understand how they steal your information, we must understand the criminal mindset.

LAN networks and phishing

Signing in to your e-mail account or buying something on line with a credit card is actually an unlikely place for crooks to get your information, unless it’s on a LAN network. If you use cable Internet or broadband, make sure you use a router. I personally wouldn’t plug an Ethernet cable into my computer without a router for protection. Never send private information over a LAN (local area network). For those of you who don’t understand, it’s a public network access point, like a coffee shop, hotel, college campus or at work. Never buy something on line while connected through a LAN. Your information can be stolen by any hacker using an easy to use Linux program like an Ettercap filter or many others. Using this method, the hacker’s digital footprints are virtually impossible to trace and you will never know who stole your information. Any non-technical person can learn how to steal information on a LAN in around thirty minutes - yes, it’s that easy.

Never sign into any financial account from an e-mail

If Pay Pal, or the IRS sends you an e-mail, DO NOT sign in using that link! It’s known a phishing - you may have heard of it (it’s shocking how many people don’t know really understand this). Neither one of these ever send those types of e-mails. If you get an email from pay pal saying you need to update your account information, do not answer it. If you’re concerned, Just go to Pay Pal directly and sign in. The most likely way for the criminals to get you on line is through a phishing attack.

Social Engineering

The methods listed above are not the most effective way for criminals to steal your information. The real way is through social engineering. For people like me and others interested in hacking, this is completely redundant information; however, I realize most of you have probably never even heard of it.

What exactly is social engineering? a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim.

Examples of Social Engineering:

If you have a private, unlisted phone number, it is child’s play to get it. I could call the electricity company where you pay your bill, for example, and tell them I’m doing a reference check for homeland security. I would say, “Thank you for your help. The current phone number for Mr. Doe is 555-7125-5479, is that correct?”
They answer, “No, the correct number is…”
Boom…I have your private, unlisted number. This is a simplified method, but you get the idea.

Kevin Rose, co-founder of DIGG, had a fantastic example of social engineering on his web based video show “The Broken” about how to get free pizza for life. He walked into a pizza delivery behind a customer and stood in line so he could overhear their order. After getting their name and what they ordered, he walked out. Thirty minutes later, he called the pizza place, told them he had come in earlier and received a bad pizza but couldn’t eat it. He talked to the manager, got a free pizza comp and reordered. He went down and picked up his free pizza. He chose a place that did mostly deliveries, but used the identity of a walk in customer - very smart indeed. Just don’t be dumb enough to actually try it, you may go to jail.

The Art of Deception

Hacking is not a bad thing and hackers are not bad people. There are hackers and there are crackers (script kiddies, punks or chumps), it is the crackers who do evil things. A hacker builds things and makes them better, a cracker breaks and steals things. Hackers built the Internet, so they are beneficial people. My favorite hacker of all time is Kevin Mitnick. I highly recommend reading his book, The Art of Deception, the bible of social engineering.

I read this book a few years ago and just reread it again. The best way to protect yourself is to understand how your information is actually stolen. This book is of monumental importance - a must read for everyone. You do not even have to use the Internet to have your information stolen. This book shows you in a series of real world examples, how information thieves operate. This book will open your eyes to the true reality of how it’s done. I have the utmost respect for Kevin Mitnick for turning his life around and doing something great for society.

Check out part 2: Identity Theft: Corruption is Everywhere

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.

Tags: credit cards, hacking, identity theft, Internet Security, privacy

May 7, 2008 · Filed Under Internet Security, hacking

Comments

13 Responses to “Identity Theft: Social Engineering”

Haney on May 7th, 2008 11:48 pm

I didn’t know there’s such thing as social engineering. Thanks for the info on PayPal thingie. Must take note of that.

Haney’s last blog post..Getting Bullied Online
Revellian on May 8th, 2008 12:11 am

Hi Haney! I knew a guy who bought a pair of Levis bluejeans. People never actually call the Levis company when they get a pair of faulty pants - he did just that! He called them several times until he finally talked to someone with power. He got 10 free pairs of bluejeans, a designer Levis jacket and a letter of apology. There was nothing wrong with the original pants he bought. Of course this is a bad thing to do and I wouldn’t recommend it…haha
teeni on May 8th, 2008 7:47 am

Ooooh. Interesting stuff. I’m keeping my eyes peeled for part 2!

teeni’s last blog post..Youre Not Going to Believe This!
Genie Princess on May 8th, 2008 8:09 am

Hi Bobby! I get the Paypal email all the time, thanks for the tips! So what did u do when you were staying away from your blog the past week?
Genie Princess’s last blog post..My Lil’ Blunder
Michelle Gartner on May 8th, 2008 8:56 am

My husband had his financial information stolen a while back, fortunately he had been recently divorced (isn’t that ironic) and his credit was shot. He contacted the police about it and they gave him a stack of paperwork to fill out. It was over 20 pages long, basically you got the impression they were actually going to do something. The impression was that they would cross reference this with others and find some sort of trail. But when the police left they said- “there is not much we can do about it.” HA HA!

Turned out they never caught the guy- but they knew what was going on. The guy had a dummy address in Milwaukee and was buying computers from Best Buy, Dell, etc. He moved around fairly quickly- that was the last we heard about it.

About hackers- good of you to mention the difference between a hacker & a cracker. It took years of listening to my husband point out the difference before it sunk in and I got it right in my head. For some reason on tv and in the media- they have confused what a hacker is and it sticks with the general population. My Dad for one went to his grave thinking that hackers were the cause of all national security problems and I kept telling him it was Bush. Well- you know he was an old hippy and if you smoke a lot of dope you’ll believe anything.
Revellian on May 8th, 2008 8:59 pm

Thanks Teeni, I hope it is worth reading!
Revellian on May 8th, 2008 9:01 pm

I know Marzie…I’m the one who sent it, just to check…hahaha! Just kidding of course What did I do this week? WORKED too many hours
Revellian on May 8th, 2008 9:06 pm

Hi Michelle! Law enforcement is completely inept at solving identity theft crimes. The main reason is because they are behind most of it. Most people have no idea how ineffective they are at catching identity thieves until their own information is stolen. Hackers dive around in cars and log in to people’s unprotected wireless modems (war driving). It offers crooks complete anonymity
Madhur Kapoor on May 11th, 2008 2:33 pm

Great Info Bobby. I am on college LAN all the time here so i dont actually use credit card but for email purpose, i dont have any other option. However thanks for introducing Social Engineering to me. I will definitely read the book.

Madhur Kapoor’s last blog post..Demonoid is back online
Debbie Dolphin on May 13th, 2008 9:59 pm

Speaking of Social Engineering, my Radar of Secret Service (RSS) seems to have been re-engineered to digital print a portion of your post?

For me, the answer to prevent online identity theft is never enter any private information online especially SSNs and credit card numbers.

Debbie Dolphin’s last blog post..Lighthouse Spring is in Full Swing!
Revellian on May 15th, 2008 1:57 am

Hi Madhur! I’ll bet that college LAN is filled with security holes. You’ve never heard of social engineering? It is absolutely fascinating and practiced by corrupted governments and individuals all over the world
Revellian on May 15th, 2008 2:00 am

Hi Debbie! The only time I ever use a credit card is on line, never in my daily life - only because you can’t pay any other way. The people who steal are the ones working at your local bank or at the IRS
Debbie Dolphin on May 15th, 2008 8:56 pm

Hi Bobby!

With the interest rates, I am surprised anyone uses credit cards anywhere, online or offline. We use cash, check, or traveler checks.

Yet with climbing gas prices, we may need to use a credit card to shop online?
Debbie Dolphin’s last blog post..Irbensky Lighthouse Cruise Control