Tag Archives: scams

From the #whydidntyouwarnme desk

This is my last week of Social Engineering class at Webster University. The textbook we have been using is “Social Engineering: The Science of Human Hacking” by Christopher Hadnagy. This book is full of powerful personal anecdotes that help me understand Social Engineering better. They also resonate deeply because so many of the anecdotes are relatable to experiences from my own life.

An example of a story that really made me think is on page 260. Hadnagy tells of talking with a friend whose family had been personally affected by a common scam. The friend was angry with him for not warning him sooner and exclaimed “If you knew these things existed, why didn’t you warn your friends?”

I have had friends get angry with me and stop speaking with me for warning them about social media and other media scams and trying to explain media literacy concepts when I saw that they were being trolled. Part of good Social Engineering is to help the people you are trying to warn become more receptive to what you are trying to teach them so they can take in the information to protect themselves against harmful Social Engineering. If someone is your friend and you care about them, you want them to know these concepts. If my attempts are too clumsy and I arouse their defenses instead of concern and I fail to warn because of that, I need to do better. That’s one of the things I’m learning in this class and others. The more I learn about media and technology as I work on an Advertising and Marketing Communications Master’s degree, the more I feel the need to warn.

I’m going to be writing a LOT this week to finish the course, and some of it is going to end up on this blog immediately and farther in the future. Hadnagy advises us not to “assume that the knowledge about these attacks is just common sense”. There are techniques in Hadnagy’s book, in our class, and in lots of other course material I’m learning that are also in classic books, around for many decades, such as “How to Win Friends and Influence People” by Dale Carnegie and “The Hidden Persuaders” by Vance Packard. I have owned those books a long time and have read them several times and I still have to work to master the material in them.

As I learned on a podcast this morning, the concept and term “Social Engineering” has been around since the late 1800s. With every new technological advance that comes along, there are new skills to learn to avoid exploitation through Social Engineering combined with other types of attacks. In order to help people find information on this blog that I think everyone should know as a life skill, I’m going to apply the hashtag #whydidntyouwarnme to relevant past and future blog posts.

I have also started listening to a couple of excellent podcasts that are free to listen to if you want more information about the types of media and security issues I’m trying to warn about. I think every Internet user who has something to lose, whether for personal or business reasons, needs to be informed as well as possible.

The Social-Engineer Podcast – hosted by Christopher Hadnagy himself with a variety of co-hosts as they interview leaders in the Social Engineering field.

Hacking the Humans – information about “social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world”.

What types of scams are you the most concerned about?

Dealing with Deceptive and Unfair Messages

Here is another one of my homework assignments for Media Organization and Regulations class. Please read it if you are interested in preventing financial abuse to yourself or others. Some of this information you probably know but it never hurts to have a refresher on such a critical issue. This paper has been graded but I haven’t changed anything since turning it in yet. I’ll update these comments if I do so later.

Carolyn Hasenfratz Winkelmann
Geri L. Dreiling, J.D.
MEDC 5350: Media Organization Regulations
13 December 2020

Dealing with Deceptive and Unfair Messages

The Federal Trade Commission, or FTC, has the authority based on Section 5(a) of the FTC Act to protect citizens from unfair or deceptive commercial messages.  A message is considered deceptive if it is likely to mislead a reasonable consumer (“A Brief Overview…”).  An unfair practice is one that causes or is likely to cause “substantial injury” which consumers cannot reasonably avoid and there are no “countervailing benefits” to justify it (“A Brief Overview…”).

The first line of defense for consumers is information.  The FTC provides a web page with information to help consumers recognize deceptive messages as well as tips on what actions to take if they receive such a message (“How to Recognize…”).  Blocking and reporting messages are recommended strategies.  The FTC recommends reporting SPAM messages to the app the consumer is using, as well as to the FTC.  The FTC investigates complaints and if unlawful activities are found, the FTC will take administrative or judicial action which may eventually result in civil penalties (“A Brief Overview…”).

An example of one case brought by the FTC to get justice and relief for victimized consumers is Federal Trade Commission vs. Ecommerce Merchants, LLC and Cresta Pillsbury, Jan-Paul Diaz, Joshua Brewer and Daniel Stanitski (Federal Trade Commission… 1).  The FTC alleged that the defendants were guilty of sending 30 million SPAM messages that were not only unwanted but deceptive (Federal Trade Commission… 5-6).  Just receiving the unwanted messages was financially damaging to the consumers, who according to their service contracts possibly had to pay or use credits to receive the messages (Federal Trade Commission… 7).  Monies that the deceptive messages generated for the defendants were deemed by the FTC to be unfair, and the defendants were deemed likely to continue to offend (Federal Trade Commission… 9).

The FTC petitioned for the following actions (Federal Trade Commission… 9-10):

  1. That the activity cease while the case is pending, the assets preserved and accounting performed.
  2. The defendants be permanently banned from sending these messages.
  3. The injured consumers be released from contracts, be paid restitution and refunds, and fraudulently obtained monies be confiscated from the defendants.
  4. Repayment by the defendants to the plaintiff of court costs and other expenses deemed necessary by the court.

If implemented, it is my opinion that the above should adequately punish the offenders and repay the consumers if the victims are allowed to collect not only for the dollar value of what they lost but other expenses such as the time they spent dealing with and documenting the problem.  The consumers should also be made whole if they had to pay late fees, had their credit score damaged or suffered other such losses that can occur when a financial problem starts snowballing.

A weakness in this kind of enforcement is apparent when consumers are victimized by international scams.  An organization called econsumer.gov, an initiative of the International Consumer Protection and Enforcement Network (ICPEN), attempts to unite consumer protection agencies from around the world to fight international scams.  With only 40 countries participating, obviously there are many countries that do not cooperate.  I think we should consider not allowing messages from countries that don’t participate in this or some similar international anti-fraud program to be sent to US-based text or email addresses.

 

Works Cited

“About Us.” International Consumer Protection and Enforcement Network (ICPEN), 2020, econsumer.gov/en/Home/About/3#crnt. Accessed 13 December 2020.

“A Brief Overview of the Federal Trade Commission’s Investigative, Law Enforcement, and Rulemaking Authority.” Federal Trade Commission, 2019, www.ftc.gov/about-ftc/what-we-do/enforcement-authority. Accessed 13 December 2020.

Federal Trade Commission vs. Ecommerce Merchants, LLC and Defendants. 1:13-cv-01534. 2013. www.ftc.gov/sites/default/files/documents/cases/2013/03/130307superiorcmpt.pdf. Accessed 13 December 2020.

“How to Recognize and Report Spam Text Messages.” Federal Trade Commission Consumer Information, 2020, www.consumer.ftc.gov/articles/how-recognize-and-report-spam-text-messages. Accessed 13 December 2020.

Trager, Robert, Susan Dente Ross, and Amy Reynolds. The Law of Journalism and Mass Communication. Sixth Edition. SAGE Publications, Inc., 2018.