by Dave Moore, 07/26/2020
Imagine you bought a new automobile, a new Chevy Malibu, for example. One day, a stranger appears at your front door with an unusual request.
“Hello, I’m Bob, with the Chevrolet Repair Department,” says the friendly fellow wearing the official-looking Chevrolet uniform. There’s his name, “Bob,” embroidered above his shirt pocket, right under the official Chevrolet logo that matches the logo on his ball cap.
Looking down at the clipboard he is holding, “Bob” continues. “We have detected your Malibu’s Repair Transponder System is sending alerts that there are problems with the reticulating grammeter section of your car’s engine.”
“Oh, no,” you reply. “That sounds serious. What do you think is happening?”
“It seems the universal phase detractor could be out of alignment,” Bob continues. “If not corrected, these issues can turn into serious problems down the road, so the Chevrolet Repair Department has sent me to fix your car’s engine. Think we could take a look under the hood?”
Would you do it? Would you let Bob look under the hood?
Sure, you’ve never heard of a reticulating grammeter, or a universal phase detractor, for that matter, but you’ve also never claimed to be much of a car buff, in the first place. In fact, you don’t much about cars at all, except for being able to locate the steering wheel and the gas pedal. Bob seems knowledgeable, trustworthy and sincere; why not let him help protect the investment you have in your new Malibu?
You walk out to the driveway, unlock the car and pop the hood. Bob looks intently at the engine, and his face suddenly changes from cheerful to somber. “You see that?” Bob says, pointing deep into the bowels of the engine compartment, pointing at something you can’t quite make out. “The Repair Transponder System indicated this sort of problem, and, by golly, there it is. The magneto reluctor has degraded the spurving bearings.”
Stunned, you look at Bob, who seems determined to help as he intently examines the engine. “What can we do,” you ask? After a brief pause, Bob says, “I’ll need the keys so I can test drive the car and confirm the problem.”
Would you do it? Would you give Bob, a total stranger, the keys to your car and let him drive away?
Of course you wouldn’t (I hope). Yet, that’s what thousands of people do with their computers, every day. They give complete strangers remote control of their computers, and give up credit card and bank account numbers, as well.
It’s called “social engineering,” the modern-day term describing scams, where con artists trick people into doing things they would not otherwise do.
It starts with a phone call, or a popup on your computer’s screen. “Microsoft,” or some other legitimate company (like Ford or Chevrolet), has detected your computer sending signals across the Internet that something is wrong. Your IP address has been hacked, or your health insurance has become invalid, or your Apple account has become misaligned, or your bank account login needs to be confirmed. Could be your DirecTV is in trouble, or your Windows license is about to expire. Maybe your child has run away from home, and the “police” need money to buy them a bus ticket back home.
No matter what the social engineering scam of the day is, clearly, something needs to be done, immediately. The Official Department of the IRS has detected fraud on your tax return, and the local sheriff will arrest you if you do not reply. Yep, that’s a social engineering scam, too.
On and on, the social engineering goes: where it stops, nobody knows.
Dave Moore has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.com