Why might Facebook contribute to the rise of a certain kind of cyber crime? Because social engineering and social networks make such a good metaphor.
I learned about the real meaning of social engineering during one of my IT courses at the university. Some value was added through my intelligence seminar in England. Even though there can be a close relationship between social engineering and information and communication technologies (ICTs), there need not be one at all. For argument's sake – and indeed for the sake of this blog, which features ICT topics – we focus on those attempts where social engineering is linked to the use of ICTs.
So what is social engineering then? It is basically the attempt to get information or money by twisting reality and the heads of the people you are talking to. Basically, you convince someone to do something he or she normally would not do. They only do it for you because you are not you but someone else. Right? Even though it is called ‘social’ engineering, you can use phones or emails to get the job done. Doing it in person might be more effective, but it is also more risky if you get caught. The social engineering part is, one, of course, that you make the other person do something and, two, that you engineer your own personality. You are someone else: a potential buyer, a family friend of the boss, or whoever. What does it take to appear credible? Apart from charm and social skills, you need, more than anything else, information.
That is the point where social networks such as Facebook become interesting. If you want to know something about someone, you can stalk him or her on Facebook. If he or she has high privacy settings, you come up with a fake identity and pretend to flirt, or just hope that he or she adds everyone as a friend anyway. Once you have information about his or her personal life, things become easy. Most people even put their company and their position in the company on their Facebook profile. If Google cannot do it, Facebook can. Any other social network might also do the trick – just FYI. Having found friends, information and pictures, you can create a pretty good profile of that person. That profile is useful whether you want to become him/her for some emails/phone calls or just want to know what to say to that person: ‘Hey, we met at $event (listed under Facebook events), weren’t you there with $name (friend from the friend list who attended the same event) ….’ And it goes on and on. If you are lucky and the company you are aiming at does not even have proper IT security (and therefore does not recognize forged email addresses), you are going to have a really good shot at whatever it is you are trying to do. The network has been engineered.
Getting all this information online with little risk makes it easier to do things like social engineering. If you sneak around someone's house to find out what he or she is up to, what music he or she likes and so on, you might get arrested. If you create a fake identity and read Facebook profiles via proxy and VPN, there is not a lot that can happen to you. That – among other things – is why Internet scams and fraud are preferred by criminals.