Have you been to Nairobi and other towns and you come across salespeople of big telecommunication companies offering you free lines?
In case you are not aware, Social Engineers are those who use both social skills (e.g. psychological manipulations) and engineering tools (e.g. a software or a tech gadget) to achieve a given objective. Most of the time, the objective is to defraud someone of money or important information.
Social Engineering is as old as hacking.
She was on her way to an M-Pesa agent when she was stopped by the smartly dressed group. They were offering what sounded like a great deal.
The SIM cards they had were for one of the country’s telecoms providers and came with a cheaper tariff than what she was currently on. Further, they were giving out the cards free of charge.
That was not all. Rather than her having to walk around looking for a place to register the SIM card, they would do it for her right there.
Are you within Nairobi? Coz its free to get a Telkom line…
— The Founding Father (@BriznGitz) October 21, 2018
It was an easy decision to make. After all, the SIM cards were from a well-known company and the three looked nothing like fraudsters.
The lady who had taken Anne’s phone started firing questions. What were her full names? When was she born? What was her ID number? And on and on. All the while, the lady keyed in responses into Anne’s phone.
#ARREST OF FRAUDSTERS
Nineteen #Nigerian citizens residing within Nairobi have this morning been arrested for electronic fraud targeting Kenyans.
The fraudsters start by befriending you on social media & once you https://t.co/Zy1yg6ahaa pic.twitter.com/z8MRdDLZJl— DCI KENYA (@DCI_Kenya) August 17, 2018
After she was done, they went their separate ways, with Anne looking forward to seeing a drop in her airtime expenses.
But as she got closer to the M-Pesa agent she was headed to, she got the urge to look back at the trio she had just met.
To her dismay, she noticed them moving in haste as though they were being pursued.
As she stood for a moment wondering what could possibly be wrong. She quickly pulled out her phone. Her hands began to shake as she called up her M-Pesa menu.
Her worst fears were realised. The money she was going to withdraw had been deducted.
She tried calling her mobile services provider to reverse the transaction, but realised she could not make any calls. Her phone had been deactivated.
It turns out the details she was asked for had been used to key in possible password combinations. Anne used her date of birth as her M-Pesa PIN. It was a lucky guess.
Immediately the funds were transferred to an agent for withdrawal, Anne’s phone was deactivated and returned. She ended up losing Sh2,000, money she could ill afford to go without.
Anne is just one of the thousands of victims in Kenya who have fallen victim to a brand of cybercrime known as social engineering. It is a global phenomenon, and it has taken firm root in Kenya.
It refers to the psychological manipulation of people into performing actions or divulging confidential information.
In the early days when emails were first introduced, hackers could get access to target’s email credentials by for example asking one what their secret questions were or just guess the passwords as most people used their spouse’s names, birthdays, or even pet names as their passwords. These were pure sociological/psychological tricks and personally I liked employing them and managed to obtain passwords of every girl I have ever dated.
Then people became smarter and the use of pure sociological or psychological tricks became difficult, and that’s when social engineering became useful. Social engineering uses aspects of social constructs like trust, confidence, and love in order to get access to someone’s systems so that engineering tools can be implanted. An example would be sending a loved one a photo of oneself but the attachment contains a hidden code or file e.g. key logger or phishing malware for gathering desired information.