Social Engineering
A tool for today's criminal actors
Criminal activity, as with anything in life, evolves with the passage of time. My career in law enforcement began in 2009, which doesn’t seem that long ago for some. However, the method of criminal activity and the methods of investigating the same have changed. Many of the more common facets of crime still exist and occur commonly today, to include:
- Thefts, Robberies and Burglaries
- DUI and other Driving Offense
- Domestic Violence Offenses
- Sexual Assaults
- Child Abuse & Neglect
- Scams and Financial Exploitation
So what is different today? Criminals have evolved over time and have incorporated, and more so relied upon, technology to help them achieve their criminal goals. For the majority, these technological differences have gone unnoticed to some, much like the tail of the frog in boiling water. This is mainly due to the inclusion of technology in day to day life and our society as a whole. The advancements in technology that we rely on, also make it easier for all of us to be tracked and monitored, at least to some degree.
Technology and Crime
Most people think of cyber crime and assume that an individual was caught hacking, or maybe involved in the illegal sale of drugs or illegal sexual content online. However, I have found that almost every criminal act involves some degree of technology. For example, those involved in burglaries are often tracked using surveillance camera technology, or they might be tracked by GPS location technology in a cell phone or vehicle. As criminal investigators, we have to utilize the reliance of society on technology to help identify suspects and further case investigations. All the while, we have to respect the privacy rights of average citizens and ensure that the constitution of our state and federal government, as well as all laws are followed.
Social Engineering
There are a certain select group of criminals who have developed a keen skill for hacking, but not electronics. These criminals use their hacking skills to explain other humans, through social engineering. Merriam-Webster online defines [social engineering](https://www.merriam-webster.com/dictionary/social engineering) as:
social methods (such as phishing) that are used to obtain personal or confidential information which can then be used illicitly
Again, I feel that this definition is not all inclusive as there are a number of different scams social engineering helps to facilitate. For example, romance scams are a common occurrence in my jurisdiction and I would venture to say that a vast majority of the victims of romance scams never report being victims of criminal activity to police. Why? Mostly due to the embarrassment caused by such scams. After all, when you believe that you love and trust a person it is a deeply personal feeling. Being betrayed by that same person, and having your entire life savings stolen from you in the process, is personally, emotionally, and financially devastating for victims.
Yeah, but who really falls for these scams…
It is a huge and very real problem, and almost anyone can fall victim if the scammer is well versed in their social engineering skills. Suspects “groom” their victims to develop a very personal and emotional connection to their victims. They may spend several weeks, and even months, grooming their victims in an online relationship before successfully exploiting them. After all, if it takes three weeks to successfully exploit a person of their live savings, it’s a huge pay off to the criminal actor.
Norton.com has a new blog post on their website discussing romance scams and what you need to know in 2023. An interesting statistic from 2021 is included in their blog post:
According to the FBI, reports of these online scams have increased by nearly 25% since 2019, with those affected losing a record high of $547 million in 2021 from being swindled by their cyber sweetheart. This just grazes the surface of online dating scam statistics.
There are several other scams that involve social engineering, and investigators should be aware of them. They include:
- Business Email Compromise (BEC)
- Phishing, Vishing and SMShing
- Investment Frauds/Inheritance Scams
- Sextortion
- Family Member in Jail Scams
- Arrest Warrant Scams
This is only a few in the game, and the scammers are getting smarter everyday and trying new and unique methods to extort victims.
How can we help prevent or mitigate social engineering scams?
In short, be understanding with those victims who are brave enough to report that they are victims. Investigate to the best of your ability in a timely fashion, I have on multiple occasions been able to recover at least some of the funds that the victim lost.
Second, make your community aware of these scams. Not just those individuals who are elderly or impaired adults, but all citizens to include teens and young adults. There are a vast array of age range for victims of these social engineering crimes, educate everyone you can in your community about the dangers of social engineering so they know what to be alert for when interacting with individuals online or on the phone.
Lastly, make yourself aware of the vast variety of these scams out their and continue your education in investigations online. There is a great resource available for law enforcement only titled, “The Fraud Guide” with versions released every year through NESPIN. The author is Detective Brian O’Connor from the Cambridge Police Department. Det. O’Connor does a great job outlining all of the different types of fraud is out there and how to best conduct investigations surrounding these types of frauds. Additionally, another great resource to investigators is the National White Collar Crime Center or NW3C. They offer a lot of free online and in-person courses that help investigators navigate financial and cyber crime.
Wishing everyone a wonderful New Year, lets help reduce the impacts of social engineering on society in 2023!