Social engineering—using deception to manipulate individuals for fraudulent purposes—is nothing new, but it has proliferated in the internet age. We all have some exposure to it, either firsthand or through friends and family. Maybe you know someone who gave Apple their SIN to unlock their account via a phishing link, or had a friend who dated a sociopathic grifter, or you yourself have been the victim of a con artist.
There is power in learning from stories and examples of social engineering. While the vehicles, platforms and tools of fraud change as technology develops, we can learn from the common tactics used in social engineering. Some trusted CIRA colleagues and I have gathered a few recommendations to learn more about social engineering, con artists, hacking and more—with the hope that we can help prevent you or someone you know from falling victim to a scam.
The Tinder Swindler
Media type: documentary
Description: women track down a swindler to recover millions of dollars that were stolen from them.
Holleh, creative manager’s takeaway: I appreciate that the victims were brave enough to share their stories. The swindler is a psychopath with a strong ability to read people, act on their vulnerability and manipulate them. He starts his con by funnelling out the people who would never give him money, instead targeting more gullible individuals on his first dates. Most women wouldn’t go on a trip out of the country within hours of meeting a stranger, but the ones that do are more likely to want to believe the dream and part with their money.
Other series to watch:
- Bad Vegan: Fame. Fraud. Fugitives.: follows a scandal based in NYC, a story of love turned criminal with a side of immortal dogs.
- Inventing Anna: in a drama miniseries, a journalist investigates Anna Delvey, an “heiress” with a unique accent.
- Trust No One: The Hunt for the Crypto King: investigates the Canadian founder of QuadrigaCX, his untimely death and what happened to the $250 million that was housed in the crypto exchange platform.
Media type: podcast
Description: stories of hackers, breaches, cybercrime and more, often told from the perspective of people working in cybersecurity.
Monica, senior software developer’s take: the host, Jack, along with an array of guests, presents captivating stories, all linked by a common theme: the internet. Each episode, I learn something new about one of the many topics Jack covers: hacking, security, heists, gaming, music and more. The show strikes a perfect balance between providing technical details on the topics that are covered, while being inclusive of all listeners’ technical backgrounds, from novice to expert. If you use the web, social media, or pretty much anything else on the internet, this show is for you.
Erin, product marketing manager's takeaway: I find the episodes with ethical hackers/“social engineers for hire” to be interesting. Check out Jenny – Episode 90 to hear many great stories from Jenny’s 20+ years’ experience of being a physical penetration tester.
Media type: podcast
Description: true stories of relentless con artists and corporate evil.
Erin’s takeaway: Swindled’s host, “A Concerned Citizen,” disguises his voice to remain anonymous—it takes a minute to get used to it—but the true stories he tells of corporate crime are so fascinating. Something that I’ve learned from listening to this podcast is that jail time seems to have no effect on these criminals. Many stories follow the same pattern: getting released and getting right back at it again. It seems like they have an addiction to the thrill of conning people. If these con artists are so dedicated and persistent in their schemes, I wonder what the world would be like if they channelled their hard work into a good cause instead.
Sizing People Up: A Veteran FBI Agent’s User Manual for Behavior Prediction
Description: a toolkit for assessing who you can trust—and who you can't.
Media type: book
Eric, ICT and Security Analyst’s takeaway: I appreciate the book’s approach to relationship dynamics and how it breaks down, from a very operational standpoint, ways that people need one another. It provides real-world examples of how the author learned these realities, with real-life stakes that most of us would never have to deal with. Though it’s not a social engineering-focused book per se, it does examine how people react to and depend on one another, while also giving you the insight needed to help you gain the outcome you desire in your interactions with people.
Some books about human interaction take a very clinical, and almost theoretical position—though these books have tremendous value, it was insightful to read stories from a more operational viewpoint.
- Social Engineering: The Science of Human Hacking
- The Art of Deception: Controlling the Human Element of Security
- Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You
- 419 (Novel)
You don’t just have to be on guard at home—social engineering is commonly used in cyber attacks that compromise business data and systems. Many attacks have common themes and red flags to watch out for, and employees can learn through courses and phishing simulations offered in CIRA’s cybersecurity awareness training for workplaces.