Crooks don't need ChatGPT to social-engineer victims, as they're more than happy to demonstrate

Crooks are becoming more and more adept at using social engineering to hoodwink corporate executives into unwittingly helping the fiends break into organizations' networks — and it's not because the miscreants are using ChatGPT, according to folks at Kaspersky. "Social engineering as a means of getting a foothold into a target …

  1. Anonymous Coward

    Voice replication is already being used to target people with ransom for family members - a perfect replica of their daughter's crying voice "Mom, help me!".

    Expect to hear a message from the CEO - "Hi Jen, Could you please look out for mail I sent you with a bank account number to which you should transfer 100K. Yes that's it. Yes, a transfer to Prince Harry Windsor, Duke of Sussex - that's it."

    1. Anonymous John

      That works if you know what his/her voice sounds like. But not if you are making loads of phone calls posing as children or grandchildren in urgent need of money.

      1. anthonyhegedus Silver badge

        Not always the case I'm afraid. A muffled cry for help using any female voice might be enough to convince a concerned father that his daughter is held captive if he's already in a state of panic.

        1. Diogenes

          Because of this we have agreed on a phrase for our kids, or us for that matter, to use if it is a genuine emergency. It is something very family specific.

    2. Nifty

      Like I posted 12 days ago.

      https://forums.theregister.com/forum/all/2023/04/28/tencent_digital_humans/#c_4656967

  2. Ideasource Bronze badge

    Everyone's a social engineer.

    That's what social interaction is.

    Parents socially engineer their children.

    Children socially engineer their parents.

    People socially engineer each other to become friends.

    The concept of authority is one of the biggest and ongoing constructions of social engineering I'm aware of.

    The government socially engineers the country to worship law as if it were based reality.

    Advertising is social engineering.

    So it should be no surprise that occasionally someone rotates use of these pattern recognition and "hand-shaking" heuristics towards influencing behavior, to greater personal benefit.

    Personally I find it surprising that more people don't.

    To interact socially with purpose.

    That is social engineering.

    It cannot be stopped because it makes use of the same basic interactions and heuristics that allow humans to be social creatures.

    It's the same thing, distinguished only by preference and direction relative to a particular perspective.

    It doesn't take a special mind to social engineer.

    The social world is just the jungle we individuals scrape, farm and defend from.

    For the social world has claimed all physical property forcing us to compete with each other rather than honorably gathering from a physical landscape.

    If you have to go to war, (competitive economics is barely describable as a war game). You better fight with every bit of creativity you have.

  3. Omnipresent Bronze badge

    gpt

    IS the crook. It's a crime against humanity.

  4. Anonymous Coward

    Fear at the top doesn't help

    At the last place the Chief Exec was known to be, to put it bluntly, a massive cunt. From attempting to fire 3 members in legal (half of legal joined them so he couldn't fire them), to general fear from even directors. This isn't a good way to run a company and so because of this, one day a director got a phishing e-mail, an active and live one. He was in Manchester at the time at a conference and the phisher was e-mailing him by spoofing the Chief Exec, this was before Apple would show the full e-mail address next to the name, so all you saw was the spoofed name (Apple and their shit security). As he was replying it was then clearly showing the spoofed address it was coming from, but this director not paying attention and due to having a fear of this Chief Exec rushed round to pay the £5k that was being requested. "Who is it to be paid to? Finance will need a reference", just put it down as consultant fees was the reply. "I'm having trouble finding someone in legal to process this for you". Eventually the head of finance intercepted it and stopped the con and stopped it. Thankfully & this was all down to the director being an idiot for one but also the fear of a Chief Exec or CEO. Lower down staff are quick to jump, for fear of being fired or bollocked and that is the problem.

    We had a phishing e-mail come in at another place from the CEO. They were nice, nothing to fear from them but, for some, some don't see this or realise so still jump when they say. So they replied and the con moved to text messages. What gets me is at the point the scammers said "We need you to buy Amazon vouchers for the business and we'll refund you later.", why didn't he question this? Why? He followed it through and lost a 4 figure sum.

  5. amanfromMars 1 Silver badge

    Meanwhile, elsewhere, there be others hatching and patching in other plans

    The ultimate being to fool or persuade the mark into doing something they shouldn't, such as grant the fraudster access to accounts and data that doesn't belong to them.

    Oh? Surely not the ultimate?

    One imagines the ultimate to be much more the persuading/brainwashing of the mark to believe in one's own possible future viable actions, which may or may not have been formerly openly shared as a very attractive and addictive and likely course of 0day proaction for global failsafe initiation of an increasingly expansive and horrendously expensive and unstoppable asset and/or program destruction or disruption, rather than expecting them, the marks themselves, to be able to do anything so complex and convenient/inconvenient.

    Such knowledge though can easily have marks doing whatever they can themselves to try and ensure one be appropriately well rewarded to defer such a destructive and/or disruptive activity until a slighter later date .... should things of future concern not be realised and resolved to a greater mutually beneficial satisfaction ....... immaculate resolution/final solution.

  6. Paul Hovnanian Silver badge

    Hoodwinking corporate executives

    Easy, because 'social engineering' is how many of them attained their positions in the company. Fitting in and getting along is an important skill set to get into mahogany row. So it's no wonder that they can be back-slapped and sweet-talked into doing stupid things.
