Protecting Yourself From Cons Skimming and Spoofing

Illustration of hands grabbing identifying information from a cloud
youngID/Getty Images

Each year, DEFCON occurs in Las Vegas, which is a convention that brings hackers from around the world to learn more about security, hacking and much more in regards to tinkering in tech. A few years ago, a group of hackers set up a fake ATM and successfully fooled the other hackers in attendance. The hackers were hacked by hackers. They were “socially engineered.”

Explaining Social Engineering

Social engineering is the process of manipulating others into either performing a specific action or giving out information that is confidential.

This generally applies to any deception that is used to gather information, commit fraud, or access a computer system.

In most cases, these attackers never even see their victims. These are grifters, thieves, scammers, and con artists, and most importantly…liars. This, of course, is what they do best, and they do it casually and with conviction, so we have no reason to not believe them. This allows them to get away with what they do.

How Social Engineering Affect People on the Internet and in Real Life

One of the things that social engineering does is to break down the ability we have to trust one another. Social engineering is just fraud and lies.​​

Lying is a behavior that is learned, and we learned this as young children. One day we came upon a situation, we were confronted by a person in authority, like a teacher or parent, and they ask us a question. Instead of giving them an honest answer, however, we responded with an answer that we believed they wanted to hear.

They believe our answer, and we get away with it.

Once we learned how to do this, we use this tool throughout our lives. We lie whenever we believe that it will outweigh the benefit of being honest. If you think you don’t lie, what would you say to the cop who pulls you over and ask if you know you were over the speed limit?

We lie to ourselves, and we lie to each other. Some lie less than others, but at the end of the day, it’s a tool for survival. Some, however, are professionals when it comes to lying, and these people go beyond what is considered reasonable. These people deceive others, lack empathy for feelings, are greedy, and are not concerned about the consequences.

Liars with experience are so good that they can end up in authoritative positions, such as CEOs, heads of state, clergy members, or judges. Do you think these people don’t lie? For the past year, I have corresponded with a member of the clergy who is serving 18 months for identity theft.

What makes things even worse is that we are, overall, naïve. We were also raised to have respect and love for each other, and to tell the truth. In fact, trust is the key to functioning in society. Without this trust, we are unable to move forward and will live in fear of leaving our homes. If we didn’t have inherent trust in others, how could we drive, walk, or even approach other people?

When we are lied to, we usually feel as if something is off. The face-to-face contact we have with others gives us the chance to spot the signs that tell us whether or not what we are hearing is a lie.

Keep in mind that human communication is much more than words. It is also body language and tone. We all give energy to each other, too. Negative energy, along with certain gestures, phrases, or words, can cause us to feel the hair rising on the back of our necks or a ping in our bellies.

Technology makes it easier than ever before for thieves to perfect their art. We see thousands of ruses and scams pulled off each day. The key is to understand these lures, tactics, and motivations. When you can smell the snake-oil salesman from miles away, you are more secure and safer than those who cannot. Trust is a necessary and fundamental part of our lives, but when you can balance trust with cynicism, you can go far.

Let’s get back to DEFCON. A couple of years ago, DEFCON attendees participated in a contest where they attempted to manipulate employees from Fortune 500 companies into sharing details about their company that could be used to launch a cyber-attack.

Some of the employees shared information about what operating system they use at work, as well as the browsers, antivirus software, laptop models, email addresses, and VPN software information. Some even shared when the company trash goes out, which can be used to know when to pick through the garbage for company information.

Additionally, in some cases, the DEFCON participants got these employees to visit certain websites when on the phone with them. Remember, visiting a simple website is enough to cause a malicious program to infiltrate a computer if it doesn’t have protection. Based on the answers that were provided to them, they knew that social engineers would be able to manipulate someone to visit a malicious website to infect their computer.

It is important to understand that though you may think you are unlikely to become a victim of someone who calls, it is always possible if they properly “push your buttons.” This means that you, your family or your company must always have protocols in place, which explains what can be said to what person, why things can be said, and even when. Training your staff about social engineering is imperative for all companies, and it is useful for anyone who doesn’t want to be a victim to con artists.

What Is Automated Teller Machine Skimming?

Automated teller machine skimming is the process that criminals use to gather data from ATM cards. They do this by placing a device on the ATM card slot, which not only looks like a real card slot but also blends into the ATM. To someone who has never seen these devices, the ATM looks normal. Once the ATM user puts her card into the slot, the information on the card is ‘skimmed,’ and the criminal can use this information to access the money and other information. This is a fairly common practice because the tools for skimming are easy to get and we have little to no security to protect the plastic card system. 

There are two main components that allow a criminal to skim data and turn card information into cash. The first component is the skimmer device, and the second is a tiny camera that reveals the person's PIN when s/he types it in.

There could be a number of places where a person will place these cameras, and they include:

  • Inside a brochure holder on the side of the machine
  • In a light bar over the keypad
  • In a cardboard box behind the mirror
  • In a speaker attached to the ATM

The technology that is used in skimming has grown to be quite sophisticated. Those who skim often use texting and Bluetooth capabilities that will instantly send data from the ATM to their mobile phones in seconds. Additionally, it is extremely easy to compromise the keypads on an ATM. Because of this, if you have to use an ATM, it’s best to use one that is located inside of the bank.

What Is Caller ID Spoofing?

Simply put, spoofing is falsifying or masquerading data. The bad guys use this technique to hide their phone number or to display a different number when calling someone with caller ID. This is similar to email spoofing, where a message might appear to be sent from a user you know, but it is actually from a spam account. It is also similar to website spoofing, which is when an email link goes to a fake website. Most people do trust their caller IDs, but they are very easy to manipulate by criminals.

It is easy for your imagination to run wild thinking about the criminal activity that someone can do with caller ID spoofing, but it can also be useful in some cases. For example, it is useful when investigating crimes. Law enforcement, for instance, can disguise themselves when attempting to nab a suspect. If someone is trying to skip out on their child support payment, this type of spoofing is a good tool to catch them. It is also often used to investigate a spouse that is suspected of cheating, or for doctors who don’t want to reveal their home phone numbers when checking on a patient.

Though there is good in caller ID spoofing, it is most frequently used for bad things. Yes, businesses and law enforcement can use it in a positive way, but the technology makes it easy for criminals to take advantage of their victims.​

Most people simply lack the knowledge, time, and resources that it takes to protect their identity. Not all forms of identity theft or fraud are preventable, either, which is why having some forewarning is best. The current climate for cybercrime makes it imperative that you have protection from identity theft.