Those of us charged with protecting the citizens of the United States will not like this story but it happens often enough that we should understand the social engineering aspects of it. Social engineering with regard to cybersecurity as you may know is defined as “The act of obtaining or attempting to obtain otherwise secure data by conning an individual into revealing secure information”. Social engineering takes many forms from phishing emails to bogus phone calls, but ‘dumpster diving’ is one method that is commonly used and often provides fruitful information to those with malicious intent.
Research indicates that people residing within gated communities, while seemingly safe, are subject to crimes such as extortion through social engineering. The cyber-crimes are perpetrated by fellow community neighbors or the security guards charged with protecting the community. Once the target is determined and located, often a well-known celebrity or sports figure concerned about their public reputation, the social engineering begins. The cyber-criminal searches through the target’s garbage to obtain information such as email addresses, charge card numbers, planned itineraries or financial information. Banking information is especially useful as the criminals will attempt to extort money from the target based on a threat of damaging the targets reputation. This type of attack has worked best with married targets.
After the target has been photographed and/or observed in less than reputable conduct, the cyber-criminal uses a fictitious email address, one that can be taken down following the crime, to contact the target. The criminal threatens to expose the pictures, information to the public or to their spouse. The criminal than proposes to exchange the information to the target for a specified amount of money. You might call it cyberblackmail.
Notice how this cyber-crime is not committed solely in the cyber world but incorporates technology as well as non-technical measures. Digital as well as non-cyber laws are broken during the commission of this crime. Investigation into this criminal behavior can therefore begin by pursuing paths that violate both cyber or general laws. Those with malicious intent are clever and resourceful and will utilize as many tools as it takes to attain their goal. Having the knowledge to combat them on all fronts, from cyber to the physical world can contribute to their eventual apprehension.
Learn more about protecting yourself from cyber threats at the National Cybersecurity Institute.
Webopedia (n.d.)Definition of Social Engineering – Retrieved from http://www.webopedia.com/TERM/S/social_engineering.html