Tuesday, September 12, 2017

SCAM ALERT: Deliveries and Social Engineering



"A fool and his money are soon parted."

My friend, "B", bought a new stove. He expected delivery ~6pm last Friday night. Delivery crew showed up at 8:30pm. It was dark, he was looking out the window after one of the crew rang the bell. The truck was parked in the street and my friend saw a man, "M", talking to the delivery crew as they were unloading the stove.

"M" went to my friend's house and was met by B. "M" asked "B" for payment. B thinking nothing of M's request, and thinking he was part of the delivery crew informed M that he didn't have the funds on him. B requested M to go into the house and M would be paid after B inspects the stove. M didn't go in and as the delivery people started moving the stove in, M disappeared.

After the stove is set and inspected, B asks the delivery crew where M was. The crew informed B that they don't know who M was. A lightning bolt struck B on the spot! He was relieved he didn't have the funds to pay at the time of M's request and if he did have the monies, he would've paid him!!

I'm imagining this to be the sequence of events:

  1. "M" walking down the street and sees the parked delivery truck. He approaches the delivery crew.
  2. "Hi, you are finally here! I'm expecting a delivery tonight. Are you delivering a refrigerator to 124 Broadway?", asks M.
    "No, we are delivering a stove to 128 Broadway.", replied one of the crew.
    "Ah, ok, I'll call the store. Wonder why I still didn't get my refrigerator.", says M.
  3. "M" now goes to 128 Broadway. "B" greets him at the door.
  4. "Hello Sir. Your stove is here. Please pay me as my crew will bring in and install your stove for you.", says M.
    B replies, "Why don't you come in. I don't have the money with me now. I will pay you after I inspect the stove."
Opportunities abound and "M" is quick-witted and/or experienced. It really can be this easy! Most people don't even realize that "social engineering" is at play.

From wiki:

"'Social engineering', in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme."


Forewarned is forearmed!

0 comments:

ShareThis

 
back to top
Stickgrappler's Sojourn of Septillion Steps