How (not) To Find Someone By Conning Someone Else

Social Engineering.

Ever heard of that? What on earth could that have to do with how to find someone?

Sounds like a class from a Social Sciences Degree.

Nuh-uh.


'Social Engineering' is the fancy intellectual title scammers give to scams when they are after a different victim, and don't even think about trying it because its most likely to be completely illegal, no matter where you are. Its better to use the same system as Police Officers and respectable agencies.

The title originated with computer hackers. Access to the system was their prize and the 'little' people who could inadvertently give them that access were just convenient tools to be used. For example, if you worked for a big company and had a password for the computer, a hacker might approach you over the phone and con you into giving out your password.

You got conned.
You'll probably lose your job.
You will always and forever be the jerk that let the hackers in, but....

.....in the eyes of the hacker this isn't personal; you are just a part of the solution he/she requires and a tool to be used. An extension of that disassociation is the title they came up with for the process.

Cheer up, you weren't conned, scammed or victimised (oh yes you were) - officially you were 'socially engineered' - you were fed through a process designed to push your buttons and have you behave in a certain way.

These days the term has been adopted by all sorts, and whilst original subcategories like 'phishing' still relate only to computer-based crime, the element of Social Engineering known as Pretexting is used for any conceivable reason.

Wikipedia says:

Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is usually done over the telephone. It's more than a simple lie as it most often involves some prior research or set up and the use of pieces of known information (e.g., for impersonation: date of birth, Social Security Number, last bill amount) to establish legitimacy in the mind of the target.

This technique is often used to trick a business into disclosing customer information, and is used by private investigators to obtain telephone records, utility records, banking records and other information directly from junior company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager (e.g., to make account changes, get specific balances, etc).

As most U.S. companies still authenticate a client by asking only for a Social Security Number, date of birth, or mother's maiden name — all of which are easily obtained from public records, the method is extremely effective and will likely continue to work well until a more stringent identification method is adopted.

Pretexting can also be used to impersonate co-workers, police, bank, tax authorities or insurance investigators — or any other individual who could have perceived authority or right-to-know in the mind of the target. The pretexter must simply prepare answers to questions that might be asked by the target. In some cases all that is needed is a voice of the right gender, an earnest tone and an ability to think on one's feet.

Voice over IP programs are starting to become a standard in pretexting, as the absence of a traceable number makes the pretexter less vulnerable to being caught.

Taken from THIS ARTICLE.

Don't forget to check out the link in the middle of that quote, which leads to a list of 'cognitive biases' a.k.a. attitudes that can make you volunteer to be fooled.