Everything You Wanted to Know about Social Engineering -- But Were Afraid to Ask...

Simple Social Engineering Tricks

As with politics, in the field of computer security, the most
powerful and versatile attacks use social engineering. That's
why I chose to make this one of the longest, most detailed chapters
of this book.

Credit Card Scamming

I like to think that I am brilliant and wise. Hey, I got a
Master's degree in Industrial Engineering! I have gotten many
research papers published! I write books about how to hack! Yet
people have successfully social engineered me.
It was June 1996 when I got a phone call from someone saying
he was an employee of New Mexico Internet Access. "We're
calling all our customers to let you know that we have decided
to start accepting credit card payments on your account."
I thought this was a great idea. Back then Nmia.com had a really
flaky billing procedure. They didn't use credit cards, so you
couldn't just tell them to charge your card every month. They
didn't even send you a bill each month, not even by email. The
crusty owner told me that if someone forgot to pay, he'd just
remind the victim, er, customer, by shutting down the delinquent
account until the owner either figured out what was wrong and
mailed in a check, or else found another Internet Access Provider.
Hey, this was back at the dawn of the commercial Internet. No
one found this way of doing business to be particularly odd.
I was thankful just to have a shell account and web site on a
Linux box with a T1.
I hesitated a moment. The voice at the other end of the phone
piped up, "Because this will simplify billing, if you go
to credit card payment, we'll cut the monthly bill from $20 to
I bit. I gave that voice my credit card number. The next month
charges for computer games turned up on my credit card billing
statement. The perpetrator turned out to be only 14. Gosh, he
sounded a lot older than that to me. Oh, well
and I are friends now, but that's another story.