Social engineering, Emerging tech and victim support.pptx
1. SOCIAL ENGINEERING,
EMERGING TECH AND
VICTIM SUPPORT.
Waridah Makena, Research Analyst.
Illicit Financial Flows| Technology | Human
rights | Fiscal policy.
2. Social engineering, Emerging
tech and victim support.
Context
1. METHODOLOGY
2. INTRODUCTION
3.OVERVIEW
Social Engineering
1. MECHANICS OF SOCIAL ENGINEERING
2. PROFILES OF VICTIMS, VILLAINS & CRIMES
3. CASE STUDIES
CONCLUSION
1. RECOMMENDATIONS
3. Methodology
◦ The research methodology adopted for this research is the doctrinal methodology of research.
This methodology involves the comparative study of information and analysis of existing legal
material consisting of books, journals, and the internet.
◦ Empirical research that involves the use of materials that are not regarded as legal may be
used for the purposes of comparative studies and analysis such as case studies and content
analysis.
◦ The research carried out is in line with ethics from research to the analysis and
recommendations provided.
◦ This research maps out the gaps that will enable individuals to act as firewalls and reduce
cases of cyber crime
4. Impact of cyber crimes
◦ Stolen Intellectual Property such as product designs, technologies, and
go-to-market strategies
◦ Lost Revenue
◦ Reputational damage
◦ Psychological pain
◦ Financial security
◦ Safety of family members
◦ Ability to trust
5. Introduction
◦ One dollar - the price of a malware
installation kit on the dark web
marketplace.
◦ The amount lost from scams like
extortion, identity theft, and data
breaches, went up too, from $4.2
billion to $6.9 billion in 2021.
◦ Global cybercrime costs to grow by
15% per year over the next 5 years,
reaching $10.5 trillion USD
annually by 2025, up from $3 trillion
USD in 2015
◦ Global Cyber Security Spending Is
Expected to Reach $170.4 Billion
by 2022
6. Potential criminals and victims in cyberspace
◦ There are 4.74 billion social media users
in the world today – equivalent to 59.3
percent of the world’s total population.
◦ There are 5.48 billion unique mobile
phone users in the world today, according
to the latest data from GSMA Intelligence.
◦ Nearly 6 in 10 internet users aged 16 to
64 buy something online every week,
according to the latest data from GWI.
7. Potential criminals and victims in cyberspace
◦ This represents the greatest transfer
of economic wealth in history, risks the
incentives for innovation and
investment, is exponentially larger
than the damage inflicted from natural
disasters in a year, and will be more
profitable than the global trade of all
major illegal drugs combined
8. Relationships in cyberspace with law
◦ The Budapest Convention is more than a legal document; it is a framework that permits
hundreds of practitioners from Parties to share experience and create relationships that
facilitate cooperation in specific cases, including in emergency situations, beyond the
specific provisions foreseen in this Convention.
◦ 84 countries out of 195 countries
68
Parties*
16
countries
have signed
or been
invited to
accede
10. Potential criminals and victims: Space transition
theory
◦ Space transition theory explains the nature of the
behavior of the persons who brings out their
conforming and non- conforming behavior in the
physical space and cyber space.
◦ Space transition involves the movement of the
person from one space to another (e.g., from
physical space to cyber space and vice versa).
Space transition theory argues that, people behave
differently when they move from one space to
another
◦ (K. Jaishankar, Professor of Criminology & Crime
Science, 2008)
11. Social engineering as an attack
◦Social engineering is a manipulation technique that exploits human error to gain private
information, access, or valuables.
◦ Attacks can happen online, in-person, and via other interactions.
◦Scams based on social engineering are built around how people think and act. As such, social
engineering attacks are especially useful for manipulating a user’s behavior. Generally, social
engineering attackers have one of two goals:
a. Sabotage: Disrupting or corrupting data to cause harm
or inconvenience.
b. Theft: Obtaining valuables like information, access, or money.
14. Traits of Social Engineering Attacks
1.Urgency: Time-sensitive opportunities
or requests are another reliable tool in
an attacker’s arsenal.
2.Trust: Believability is invaluable and
essential to a social engineering attack.
3.Heightened emotions : Emotional
manipulation gives attackers the upper
hand in an any interaction: Fear, Anger,
Sadness, Curiosity
◦Are my emotions heightened?
◦Did this message come from a legitimate sender?
◦Did my friend actually send this message to me?
◦Does the website I’m on have odd details?
◦Does this offer sound too good to be true?
◦Attachments or links suspicious?
◦Can this person prove their identity?
15. Social engineering: The criminal profile
◦ The four motivational aspects are (1) revenge, (2) financial, (3) notoriety and (4) curiosity
16. The criminal psyche: Social Learning
Theory
◦ From this perspective, the learning mechanisms are influenced by and operate through differential association
process. The social environment for the criminals is created through differential association (Rogers, 2006).
◦ While in a social environment, cybercriminals acquire definitions by observing, learning and imitation.
◦ Similarly, external and internal sources create differential reinforcement that presents themselves in the form of
tangible rewards of the criminal activity.
◦ Over time, the actions’ consequences and reinforcement prominently determines the probability with which the
criminal activity will be sustained as imitation become less important.
◦ Social Learning Theory suggests that errant behaviour is likely to increase and continue unabated where there is
very high ratio of two variables namely positive reinforcement and punishment.
◦ Again, it becomes difficult for law enforcement officers to neutralize the criminal’s errant behaviour where the there
is a resilient learning paradigm that is caused by variation in the ratio of positive reinforcement to the punishment
administered (Rogers, 2006).
17. The criminal psyche: Moral
Disengagement Model
◦ The Moral Disengagement model by Bandura (1996) examines the process via which criminals justify and
rationalize their aberrant or deviant behaviour.
◦ The moral engagement asserts that individuals tend to participate in behaviour that goes against their moral
standards, and that these actions may lead to self sanctions and possibly self-condemnation. Bandura (1990)
argues that individual behaviours are influenced by moral standards
◦ It is possible to disengage self-sanctions from behaviour. In view of this theory, cybercriminals may defeat their
internal moral control in the self-regulatory systems by ensuring their internal moral control decoupled from
detrimental conduct in four ways identified in Bandura et al. (1996).
◦ These include obscuring personal causal agency, disregarding or misrepresenting the action’s negative
consequences, re-construing the conduct, and vilifying the victims, blaming them and mistreating them.
18. The criminal psyche online
◦ Social Control Theory supports the assertion that
online anonymity encourages permissiveness.
◦ According to Social Control Theory, individuals are
compelled to refrain from criminal and deviant
behaviours where social controls, including social
ostracisation and laws are present.
◦ However, the deviance grows where the controls or
assumed power of controls are missing or
diminished (Rogers, Siegfried, & Tidke, 2006).
◦ Anonymity theory: Internet protocols allows individuals to
operate virtually anonymously.
◦ Internet’s underlying protocols and technology allows these
criminals to make it virtually impossible for victims to track
them by obfuscating their physical locations.
◦ Studies on individuals’ behaviour online have revealed that
individual’s real world behaviour differs from online
behaviour.
◦ It is believed that real world moderate individuals’ behaviour
is based on social identity that incorporates cultural morality
and social norms.
19. Case study: Wangiri scams
◦ Also known as One-Ring Call, it is a phone call scam where fraudster tries to extract money from potential victims by
making short calls to trick users into calling back to a premium-rated number.
◦ They occur through :
A. unknown numbers : Rely on receiver’s curiosity to find out who the missed call is form. Missed calls are usually from
international numbers.
B. stalling: Upon returning the call, receive an automated voice response asking you to stay on the line to be connected
to operator. It is an attempt to charge you as much as possible.
How can you protect yourself?
A. Ignore missed calls from international, unrecognised number
B. DO NOT be tempted to call the number back
C. Report the number to your mobile operator as a potential Wangiri scam
D. DO NOT share your personal info with anyone on the other end
20. Emerging crimes: cryptocurrencies
◦ Cybercriminals have stolen as much as $3 billion of investor funds through 141 various
cryptocurrency exploits since January, putting 2022 on track to top 2021 levels of digital
currency malfeasance.
◦ Since 2011, hackers have stolen $7.9 billion in cryptocurrency worth about $45.5 billion in
today’s value.
◦ Along with the increased dollar amounts of cryptocurrency thefts, the scams, hacks, and
exploits of cryptocurrency, Web3, and blockchain-related organizations are growing bolder
and more lucrative for malicious hackers even as the value of cryptocurrencies stagnates.
◦ Binance saw its BNB chain drained of $586 million, close to the all-time most significant
cryptocurrency theft of $624 million from the Ronin Network in March 2022.
21. Case study : Crypto Pump and dump
schemes
◦ A South Korean court issued its own arrest warrant two weeks ago for Do Kwon, alleging that the
cryptocurrency mogul was violating capital markets law. The failure of Do Kwon's stablecoin Terra
and its sister token Luna helped create the domino effect that led to this year's major cryptocurrency
crash. Crypto's plunge further continued as major crypto lending firms became insolvent due to
investment in Terra.
◦ Do Kwon's stablecoin Terra (UST)was pegged to $1 peg through code, not collateral. UST sank as
low as 27 cents
◦ About $40 billion was gone in a few days after a previous project with similar characteristics had
been shut down by the Securities and Exchange Commission in 2018
◦ Do Kwon would call opposers ‘poor ’ with a related character flow of project being set up as a ponzi
scheme
22. Emerging crimes: Cloud computing
◦ Cybercriminals are already exploiting this new security arrangement between cloud networks and
organizations to commit fraud, steal sensitive financial data, or even launch ransomware attacks on local
businesses.
◦ There is a growing list of breaches like lost personally identifiable information (PII) and stolen credit card
or banking information linked directly to cloud service providers (CSPs).
◦ Amazon, Facebook, Google, Twitter, PayPal at some point or the other have faced the repercussions of
data theft where terabytes of internal business data were up for sale on the dark web.
◦ Cybercriminals usually sneak such data from the cloud logs where it is stored and sell them wherever
profitable. The time it takes for these guys to perpetrate fraud and monetize profits has decreased from
weeks to a few days or just hours.
23. FINDINGS
◦ The crime is motivated by the likely financial reward or ego
◦ Lack of policy touching on cyber-attacks.
◦ Poor detection techniques. Mechanisms of tracking the
culprit are much behind.
◦ Lack of capacity to respond to the crime. This exposes
vulnerability of systems (in Kenya).
◦ Attackers are also capitalizing on the naivety of some of
the Internet system users
◦ Collecting and using evidence for justice is difficult and
often needs high degrees to be accepted in court
This Photo by Unknown Author is licensed
under CC BY-NC-ND
24. Recommendation & Conclusions
Safe Communication and Account
Management Habits
◦ Never click on links in any emails or
messages
◦ Use multi-factor authentication.
◦ Use strong passwords (and a password
manager).
◦ Avoid sharing names of your schools,
pets, place of birth, or other personal
details.
◦ Be very cautious of building online-only
friendships.
◦ Safe Device Use Habits
◦ Use comprehensive internet security
software.
◦ Don’t ever leave your devices unsecured
in public.
◦ Keep all your software updated as soon
as available.
◦ Check for known data breaches of your
online accounts.
◦ Safe Network Use Habits
◦ Never let strangers connect to
your primary Wi-Fi network
◦ Use a virtual private network
(VPN)
◦ Keep all network-connected
devices and services secure.
This Photo by Unknown Author is
licensed under CC BY-NC-ND