Internet Social Engineering - Avoid Con Tricks

Most of all Internet Marketing and Sales content is a very dubious selling scheme. While not directly a security issue, all these sites have characteristics of Confidence tricks - A subset of Social Engineering that merit analysis, so they can be identified and avoided.
Let's use the same tactic of actions to help the visitor protect himself, and differentiate real deals from scams:

  1. Analyze the content.
  2. Identify their goals.
  3. Question their promises.
1. Analyze the content:
The common characteristics of immediately visible dubious sites are:
  • No site structure or organization - everything is blasted on the title page. These sites don't have a meaningful structure, menus, links or sub levels, nor any real readable content. They instantly remind of a commercial, where everything needs to be communicated within a time frame of 10 seconds.
  • Large and contrasting font, delivering a message sounding like "You can do this too" - The actual message varies, but always boils down to "I have done it, you can do it too"
  • Messages appealing to laziness and promise of easy money - These sites always stress that all achievements will be made from the comfort of your home, or in your free time, or while you sleep.
  • Frequent use of key words that make the reader imagine a better future - money, saving, earning, improve, change...
  • Success or Character References from unknown sources - John Doe from Down Under, SomeCounty, OtherState is thanking the author for the great success he achieved using this miraculous system. This statement is usually accompanied by an obvious clipping from a family or wedding photo of some unknown person.
  • References to "actual" weekly or daily income that should look like a real sum - The sites drop numbers which are not rounded, since rounded sound too fake. Instead, you'll see a lot of $7,431.51 a week or something similar
  • Actual Images of Success - Images of the site author leaning on a brand new BMW or Mercedes parked on a street or driveway in front of a mansion. Similar to this, images of large office with the author sitting at a huge desk, or an image of a beach with the author suntanning while supposedly money is pouring in.
  • Invitation to action on every second paragraph so you can start your success - Frequent occurrence of a statement like: "Just buy this for a small price of $79.99 and you'll earn within a week"

2. Identify the goal of the site:

There are 2 major goals that the authors of such sites are attempting to achieve:

  1. Sell some unknown product or service (CD/DVD/Book/Pamphlet/Training)
  2. Collect valid email data for spamming purposes or sale of targeted leads (mostly used for offers of credit by loan sharks or for real estate scams)

3. Question the promises in the offers:

As in all education about social engineering, the solution to avoid these "attacks" is to avoid implicit trust and question everything :

  • If you see an image presenting a pyramid structure of people or objects, RUN LIKE HELL - pyramid schemes don't work for you. Don't even hope they will work for you! You have much better odds at blackjack then in a pyramid scheme!
  • Are these references actually real? - Who are these people, and did they actually write the reference? Simply disregard such claims, it takes too much time to verify them and they are too easy to be faked (Photoshop).
  • Do these pictures have any merit? - Last time you checked, once you lean on a parked car and take a photo of yourself, the car instantly becomes yours. Using this method, I became a proud owner of a Bentley Continental, 2 Carreras, Lamborghini Diablo and several BMW's. Yeah, right!
  • Who actually makes $7,431.51 a week? - Very very very few people in the world. A person earning $19,000 per year is in the top 11% of the world population. So, yes It is NOT possible to sit on your ass and earn that amount per week, no matter what they tell you.
  • If this product can make my car achieve a 100 mpg, why isn't it on the title of TIME magazine? - There is a process by which a real idea gets used - first you patent it, then you offer it to the big manufacturers and present it on innovation conferences. Pretty soon, SCIENCE, NATIONAL GEOGRAPHIC and a lot of others write articles about it, and the big manufacturers negotiate the purchase of the patent. If instead you find the product just on the Internet, the author is either unbelievably stupid, or he just hopes you are unbelievably stupid.
Related posts
Preventing Online Credit Card Theft - Revisited
Control Delegated Responsibility

Talckback and comments are most welcome

No comments:

Designed by Posicionamiento Web