What would you do if you got an SMS telling you that you have won a huge amount of money in a lottery? Think for a minute, perhaps, before deleting it. But for an 24-year-old MCA graduate living in Salem in Tamil Nadu such an SMS led to tragic consequences last week.
This young man had received an SMS telling him that his mobile number had won a jackpot of Rs. 7.40 crore. He took it lightly the first time. But he continued to receive two more formally worded messages, one of which seemed to have been sent from Reserve Bank of India. The messages looked so authentic that he made the mistake of responding to them.
In a series of messages that were exchanged following this, a person going under the name of J. Anderson convinced him that in order to claim the money he had to deposit an amount of six lakh rupees to a given bank account. Young and desperate to rise above his means, he borrowed money in instalments and remitted the money to this bank account. The instalment he paid on 29 April 2012 turned out to be the last, and there was no response from “Anderson” after that. Unable to face up to the consequences and perhaps alone in his situation, the youth was driven to suicide and left a note describing these events in detail.
What is social engineering?
This sad story is an example of the new types of crimes of cheating that happen using new technology such as cell phones and email. Loosely speaking, it is an example of social engineering. Social engineering is the act of gaining access to sensitive or confidential data by preying on human weaknesses. Just like a hacker looks for a weak link in the firewalls and other protective programmes, the social engineer tries to convince people to give away information voluntarily.
Phishing is one technique of social engineering. This is most often done by sending an email which looks as if it has been sent by an important agency, such as the Police Department, and is cleverly worded requesting the victim to submit their bank account information for verification.
Vhishing is the voice-based equivalent of phishing. Someone can steal your credit card and then use an automated ‘your credit card has been stolen' message and pretend to be someone of authority from the bank who needs your security numbers to restore normal access.
Hooking into a user
Sometimes the scammer leaves malware lying around in the form of an abandoned USB device and waits for someone who is curious enough to take it and use it on their computer. In this way the victim's computer may become infected with a Trojan or some such malware loaded into the USB device. This form of breaching security is known as baiting.
There are many, many such ways of tricking people and new techniques are being devised everyday. So much so that it is not possible to be pre-warned of everything. But one thing is common to all these forms of cheating and that is the trickster's effort to prise knowledge from the unsuspecting victim. So if anyone you don't know is trying to do this, talk to your teachers and parents about this and play it safe.