As people look for job opportunities, malicious actors will seize the opportunity to get personal information from victims. This personal information can lead to data theft, identity fraud, and account and service hijacking.
“Exploring Fraudsters Strategies to Defraud Users on Online Employment Databases”
In the late 60s and early 70s, ARPANET would expand to the internet that is known today. Every day, the internet would grow at a rapid rate. Soon ISPs, internet service providers, would take the use of the internet and sell access to the public. However, the public having access to the internet would lead to an increase in cybercrime around the world. Internet fraud would become more prevalent. From phishing to online money laundering, criminals would utilize the internet for easy money. Fraudsters are using a variety of platforms, such as online employment classified advertisement databases, to defraud users who are unaware of their activities, causing fraud to be on the rise. Fraudsters achieve this level of fraud by pretending and imitating employees of a company to extract information for their personal gain. They use a variety of social engineering attacks that rise in sophistication, which plays a critical role on human behavior. In this experiment, Cole wanted to investigate how attackers would adapt to their environment and to see if people of lower class were more likely to fall for social engineering techniques that were deployed.
According to Cole, pretexting is a type of “SE [social engineering] attack where an offender creates a fake scenario to influence a target into disclosing personal, sensitive, and/or financial information.” Pretexting can be linked to determinism, which means that behavior is caused, determined, or influenced by preceding events. Pretexting can be as simple as acting as support for a company and giving a reason for the target to click a link that executes malicious JavaScript on their computer. The determinism in the prior example would be that the attacker acted as support, which convinced the victim to misuse their trust and trust the cybercriminal. The cybercriminal can then take over the victim’s computer and install keyloggers to steal information such as banking details. Money can then be wired out of the account into cryptocurrency or offshore accounts away from the country of origin of the victim.
Human behavior is often difficult to understand. The routine activities’ theory helps explain this. The routine activities’ theory states that there must be a capable offender, a suitable target, and abstinence of a guardian or defender (Cole, 2022). The RAT, routine activities’ theory, can relate to empiricism. Empiricism is observations based on the human sense such as touch, smell, taste, hearing, or sight. The RAT uses all of these senses to predict if a person is going to be a victim of a crime and if a person is capable of committing a crime. However, online fraud can be committed by anyone, thus suppressing but not eliminating the idea of a capable offender. The RAT also does not follow the objectivity of social sciences. Objectivity refers to the way scientists study topics in a value-free or bias-free manner. Race, regional location, and economic status can skew the prediction results of someone being able to commit a crime and fall for an online crime. This is further backed up by Cole stating, “lower socioeconomic status in major metropolitan areas, specifically Detroit, have a limited understanding of technology and the importance of securing their digital data.” However, this would later change because of how the experiment was conducted.
The experiment conducted had four different education levels, four employment positions, four socioeconomic statuses on resumes, and four featured locations to see if phishing would occur on people who were looking for jobs. All data such as email, phone conversations, and text messages were recorded. Phishing emails and text messages were then sent out targeting the people wanting the jobs mentioning their resumes and other personal information. This means that the emails and text messages would act as a survey and poll to see if people would fall for it. Soon the results would come in. People of lower socioeconomic and educational backgrounds would be attacked more compared to those of high class. Out of those results, most attacks would be sensitive or personal information attacks of 52.5% with phishing just behind by 2.5%. In addition, the attackers would often be 60% polite to the individual that they were phishing rather than using some type of urgency of 32.5% (Cole, 2022). People of the lower class are more likely to fall for phishing and social engineering attacks from the data presented.
People of lower class are more susceptible to social engineering because criminals view them as under-educated and more trustworthy compared to high class individuals. This means that people with lower education often have their identity stolen and sold on the internet. A stolen identity can lead to money laundering and wire fraud. The stolen identity can then be traced back to a person that did not commit the crime which can lead to a complicated legal process. Lower class people also have less money compared to higher class individuals. Security and spam protection is lower as a result. This means emails and phishing text messages can bypass any security measures that is setup do to the lack of security and funds. The study by Cole shows that people of different classes receive and fall for different phishing techniques.
Cole’s research shows that people of all classes need more training and awareness online to combat social engineering attacks. Even though the lower class was affected more, people in the higher class also fell for social engineering attacks but at a smaller rate. The research also shows that there is a lack of security on devices that help prevent social engineering from occurring in the first place. More security should be in place such as artificial intelligence filters and email and text message firewalls to prevent such an event from occurring. This will help the lower, middle, and upper classes collectively.
References
Cole, T. (2022). Exploring Fraudsters Strategies to Defraud Users on Online Employment Databases. International Journal of Cyber Criminology, 16(2), 61–86. https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/view/90/28
