Lessons in Social Engineering: Let the games begin!

***Based on actual events. Some details have been altered or enhanced for entertainment purposes.***

This topic was inspired by a book I’m reading called The Art of Deception, by Kevin Mitnick & William Simon. Kevin Mitnick is a world-renowned con artist who scammed a lot of people by getting them to give him seemingly harmless information and then putting all of that information together to get what he was really after. He has since switched teams and now works with agencies and businesses all over, helping them figure out what their vulnerabilities are and what they can do to tighten up security. I have no idea who William Simon is.

This book is all about social engineers – people like Kevin who work tirelessly to gain sensitive information for profit by first convincing you that they’re your friend and then asking you for whatever it is they need.

It occurred to me when reading this book that I’ve already encountered my share of social engineers. In fact, I’m willing to bet just about everyone who reads this has had a social engineer cross their path at one point in time or another.

For me, the most entertaining and persistent social engineers were the individuals who called claiming they were from Microsoft. When I was living in Georgia, I was plagued by these phone calls. They called several times a month. The scam was always the same: We’re receiving numerous error messages from your computer and with your help, we can go in and fix the problem.

Here’s how I knew this was a scam. According to Microsoft, an estimated 400 million devices are running Windows 10. This next number varies from website to website: there are an estimated 100,000 employees working for Microsoft. If Microsoft were actually monitoring every device running Windows 10, each employee (secretaries, janitors, sales reps, security, engineers, programmers, developers, cafeteria workers, etc.) would have to monitor 4,000 users every day. That’s not possible. Microsoft doesn’t have the staff or budget to handle something like that.

After receiving the first two phone calls from “Microsoft”, I decided to have a little fun with the next caller.

Me: Hello?

Scammer: Yes, hello. I’m calling from Microsoft. We’ve detected a number of error messages being sent from your computer. If you follow my instructions, I’ll help fix the problem.

Me: Now’s not really a good time.

Scammer: It’s important that we do this now. If we don’t, serious system issues could result later.

They always sound urgent when they call, trying to rush or panic you into being cooperative.

Me: Yeah. The thing is, I’m pretty sure this phone call is being monitored by the police.  I’m a person of interest in the disappearance of my third husband which is really unfair. Just because my first two husbands were found dead with a certain appendage missing does not mean my third husband is going to be found dead….and definitely not with a certain appendage missing because…well…maybe the real killer didn’t have time to remove it because a car was coming down the road. Things happen and sometimes basic survival instincts supersede criminal signatures. Not that I would know anything about this….you know….in case someone is listening to this phone call……. Besides, my first two husbands weren’t the nicest people. They were total scam artists – always trying to get something for nothing.

Scammer: Um….I see….Yes….well….

Me:  I can hear you, DICK LICKER!

Scammer: Excuse me?

Me: Huh? Oh. No not you. The people listening to our conversation.  I can totally hear them. Can’t you? There’s that strange clicking sound coming from somewhere……..(singing badly) SOMEWHERE OVER THE RAINBOW, WAY UP HIGH….

Scammer:  Yes…..that’s very nice–

Me: Shush. Don’t interrupt! It’s rude. THERE’S A LAND THAT I’VE HEARD OF ONCE IN A LULLABYE!

Scammer:  I can see this is a bad time for you. Perhaps we can schedule another time for me to call you back?

Me:  Sure thing. Would you like to do it before or after my arraignment? SQUIRREL!

Scammer:  A…what? Did you say squirrel?

Me: Yes.

(Silent pause)

Scammer: Okay….

Me: Just for the record….if I happen to be in custody when you call back, I’m not wasting my one and only phone call on you. 

Scammer: I see. I’ll call you back tomorrow.

Me:  I won’t be home. Have a nice day!

[End Call]

The fact that my phone could’ve been monitored by the police did not deter these people. And sure enough they called back….again and again and again.

The best thing you can do if you ever receive a phone call like this is hang up. Do not engage!  You never know what information you might accidentally give these guys that could prove useful to their cause.  Also, if you do receive one of these phone calls, report it to Microsoft or whatever company they’re pretending to be from.

Clearly I’m not smart enough to take my own advice. But some of the conversations I’ve had with these guys are too entertaining not to write about. Plus, being that I’m a stay-at-home mom to two tiny kids, I have an awful lot of days where I feel like this:

Sometimes I crave human interaction so bad I’ll talk to anyone…..even scammers. Sigh……I should stick to blogging.

And now it’s your turn to tell me. Have you ever received a call from “Microsoft” or any other telephone scammer?  Please tell me about it in the comments.

 


21 thoughts on “Lessons in Social Engineering: Let the games begin!”

  1. As always your posts had me ROTFL!! This social engineering can also apply to our current political situation with alternative facts!! Thanks for the Laughs. I needed some chuckles in my life as opposed to Chuckleheads!! LOL!! <3 😀 🙂

  2. Yes! It’s happened to me too. Unfortunately, my landlady fell for a similar scam, claiming to be from Apple. She gave them her checking account number. I told her to call the police and bank immediately and close her account.

    Loved your response! These people are tenacious. And desperate sounding!

  3. I toy with scammers whenever I can. It’s like free therapy. Just start unloading your troubles and see what they advise. Or read Bible verses. Or sing Disney tunes. Or ask them what color to paint the living room. Or “what do you think mouse tastes like?” And on and on….

  4. I looooooove when they’ll engage in a conversation. My kids love it because I talk nonsense.
    Once, though, I got a bunch of calls in which the guy would hang up as soon as I started to say “please take us off…” before I could say, “your call list,” and then he would call back the next day. This happened for about 2 weeks and finally I answered and acted like I was really interested in whatever he was trying to sell. I kept him on the phone for about 5 minutes and then mid-sentence inserted, “please take us off your contact list.” The guy screamed, “EFF YOU!” (only he actually said the word) and hung up. He never called back.
    I’ve found that if I ask them whether they know Jesus, they’ll hang up in short order but I’m going to try the serial killer bit next time.

  5. Oh that’s a great way to destroy them!
    Not had a call like that…yet.
    My favourite- the Spam e-mails telling me they’re from HMRC (UK version of IRS) and I am due a refund of tax- which is a shame for the spammer….seeing as how I spent 25 years working for the said department.

    1. Gotta love that! My favorite spam emails are the ones that try to get me to enlarge my penis…..Maybe it’s a birth defect….but I’m fairly certain I was born without a penis.

  6. I totally love your conversation with the MS scammer. I get those annoying calls all the time. What a great tip, and let the games begin. Next time I get one of those calls, the aliens are going to creep from the woods. 🙂

  7. I received many such calls from Microsoft over the years when I had my landline. I had a feeling it was a scam, so I always hung up. Now, I just have a cell phone, so I don’t get those calls anymore.

  8. For the last few years, I’ve refused to answer my house phone unless I recognize the number on Caller ID. Rarely do I get such calls on my cell and when I do, I hang up. If I think there’s a possibility that it is legit, I call the company directly. Identity theft is one of my greatest fears, up there with mice, Republicans and soccer moms.
