Social Engineering Attack – Breach of Trust

There is an alarming increase in cases of unknown individuals winning the trust of unsuspecting victims in the virtual world and then misusing this trust to commit crimes against the victims. This is the world of the social engineering attack. It starts with the collection of information about a targeted individual.

A college girl in Gujarat was asked for her mobile number by a co-student. She refused, but the co-student coolly replied that he would get it. The next day he had her name, her father’s name, her address and her phone number! How did he get it? By entering her “Scooty” number on the RTO site of Gujarat.

An Income Tax Department site of the Government of India called “e-filing” is another such target. By providing the surname of a person and his date of birth, a cyber criminal can get the PAN card number of a targeted individual. Using this number and a photograph of the person, the criminal can photoshop and make a new PAN card. He then prints it out, laminates it, approaches a SIM card dealer and gets a pre-paid SIM issued in the name of the target. He then proceeds to commit a crime using the SIM issued. As a result, the target becomes an offender in a criminal activity, only because of information available about him or her in cyber space and the misuse of this information by an avaricious criminal.

Another case is that of a senior private sector employee of a leading firm in Indore. He is a water conservation expert and travels the world delivering his rather effective talks to appreciative audiences. Using social engineering techniques, cyber criminals got hold of information regarding his interests and attacked him using this as their main weapon. They sent him an email inviting him to deliver his talk at an international seminar in the UK. He fell for this trap, and in a series of well-planned moves the criminals succeeded in having him transfer Rupees Five and a Half Lakhs to an account in the Bank of England. After a lot of difficulty, the targeted executive got the security apparatus to trace the location of the accused, which was found to be in Ghana. Thus the money went to the UK and the criminal resides in Ghana; neither can be obtained in normal circumstances. A perfect crime has been committed against the unsuspecting executive.

These cases are rampant in present times. The criminals use small bits of information available about a target in cyber space. This information is posted either by us or by a third party, and it is collected diligently and intelligently by cyber thugs. It is either used directly by the offender for a wrongful or criminal activity (the Scooty case, the SIM card case) or, alternatively, used to develop a relationship with the target (the international conference case). Once trust and a relationship are developed, the criminal exploits them to further his ends and to execute his objectives of gaining either money or other benefits from the targeted individual. A cyclical representation of this attack is given below:

The best safety against this attack is that we, on our part, put the least amount of personal information in cyber space. This personal information includes addresses, phone numbers, email IDs, financial information, passwords, schedules, PAN card numbers, photographs, etc. In addition, we should make it a habit not to trust too easily the emails, SMS messages and phone calls that we receive from unknown sources in the cyber world. We should view any such communication and offer with suspicion, or at least diffidence, because it may be a smart criminal trying to outsmart us and make us fall prey to his nefarious designs. He will use deception to trap us and cleverly use the anonymity that the cyber world provides him to make us victims of a heinous crime based on a breach of our trust. Once we fall prey to his overtures, we realize only after the commission of the crime that we have been defrauded and violated. By then it will be too late!

The views expressed here are those of the author and do not necessarily represent or reflect the views of The Morung Express.