Post Mon Mar 26, 2012 1:50 pm

[Article]-Scam Your Clients for Their Own Good

Another EH-ntertaining entry by regular columnist, Chris Hadnagy. Hopefully this starts some interesting conversations. Let us know about how you scammed your clients for their own good.

By Chris Hadnagy

As a professional social engineer, it is beneficial to study the methods of scamming that the bad guys have used in the past, compare them to modern tactics and see what can be learned.  Experts have agreed that the motivation for most scams is greed.  Although that is true, it is also found that fame, attention or just the need to maliciously hurt and steal from others are strong motivators for scamming people.  This month, let’s analyze some old scams, compare them to a modern-day equivalent and see what we can learn as Social Engineering Pentesters.

Although scams have been around since the dawn of man, this one from 1812 is notable.  A Philadelphia man named Charles Redheffer claimed that he invented a perpetual motion machine, a theoretical device that, after only one initial input of power, will perpetually continue to generate energy.  Even though such a machine would break the laws of thermodynamics, his claim was supposedly backed up by an actual working device.  His next desire was to secure government funding to "build a larger version".  He actually got the money and built a new machine, but he then fled the city when inspectors found that he had hidden the real power source.  Undeterred, he tried the same scam in New York City but was again caught when the inspectors removed a wall of the machine to reveal an old man eating a sandwich and turning a crank.  This machine can still be seen today in the Franklin Institute of Philadelphia.  In analyzing this scam we can see some basic principles at play here.



If there's any topic you'd like Chris to cover, please don't hesitate to share your thoughts. Who knows, you may just dictate the contents of his next article.

Don
CISSP, MCSE, CSTA, Security+ SME