#3 How does a private detective work? - Social engineers and other criminals
The way private detectives work can be a tightrope walk between legality and crime. It is therefore not uncommon for private investigators to turn out to be good social engineers. Because the detectives work as we know it from television, where the scripts are not as stupid as on the German channel RTL. For married couples in not very loving relationships it can be difficult to track money movements from the joint account. Especially when the money is withdrawn and hidden in physical form somewhere. If the money flows through institutions (which are not exactly block chained), then depending on the banking system it should be possible to track it. You don't even have to be the tax office to do this. Depending on the country it can be more or less easy. The Swiss banking system, for example, is very closed as long as there is no concrete evidence of criminal activity. For this purpose, theoretically anyone can open an account as long as the liquidity is right.
With the British banking system it is a bit more difficult to open an account. There should be a certain exclusivity.
British/American banking system
To open an account with an English bank, a person who is already a customer must vouch for the new customer. In order not to bother customers unnecessarily, institutions have now been formed to answer such inquiries. In Germany, for example, a score system is used. In America, a consumer report on individual persons is used, similar to that in Great Britain.
If our private detective now needs information about a bank customer, it would be wise to acquire the disguise of a cooperation partner of the bank. Before we can do that, we have to learn what is discussed between banks and cooperation partners.
As a social engineer you should avoid to be present in person, so it is advisable to learn the appropriate jargon/names or similar.
Do we ask for the PIN?
Yes, indeed. In this case, we would not ask for a PIN, but how a bank identifies itself to request a consumer report. The best way is to call the bank and ask them to put you through to an employee who could open an account. Instead of opening an account, we have to ask how they start such a query. At this point, most employees are perplexed because someone on the other end of the phone is asking for important information.
One should have a good excuse ready: "I am writing a book for bankers. Or "I'm doing research for a novel." Or "I'm a business student and I'm writing my thesis on communication methods between banks and check checking services." You should have a good feeling for when the person on the phone starts to get suspicious. The more suspicion one dispels, the more one is presented with important information. In this case we should be given a kind of "dealer recognition". Because when companies work together, parties need a kind of code with which the other party authenticates himself.
Do not lose sight of the goal. At first we only try to gather information by learning the jargon of the parties involved.
The Russians salute Napoleon
It is important to note that the person you are trying to trick should not be put into an alarm state. It would be difficult to restart if the whole branch was warned of such calls by the colleague. So it is very unfavorable to leave scorched earth behind. You have to pay a lot of attention to individual pauses and answers of the person and often react very spontaneously and intuitively.
Helpful method
If you ask a personal question to the person on the phone, the reaction can reveal a lot about the trust you have placed in them.
If the person on the phone is irritated or doesn't know whether to answer it, he or she is suspicious.
If the person answers the question gladly or enthusiastically, then it is definitely a sign of trust.
It is also important never to end the conversation after receiving the information you are looking for, this seems very unnatural.
What do we do with the new jargon?
When a child learns a new word, he or she has to say it in order to use it. Now that we have learned what is being discussed as private investigators, we need to have the latest data on the jargon.
So we now call the bank on behalf of the cooperation partner, namely as service provider for the Consumer Reports, and ask them how satisfied they are with our service. 😉
This conversation is somewhat easier, since we can use by our learned from the first call, thereby from the outset somewhat more confidence will be able to enjoy and will thereby the person of the bank in security weigh. (So that the voice or expression is not recognized, someone else is fooled with the newly learned. Someone in another branch, possibly even in another city.
It is best to start with general questions, which preferably require short answers. To make it look more serious, you can decorate this with a scale: "On a scale of 1-10, 10 being good, how do you find our customer service?"; "Do you think we work reasonably fast?"; "Which dealer ID do you currently use?".
With the last question we are pursuing our goal. By asking more mundane questions about the satisfaction of our questions, we may at some point ask this particular information, because as a conscientious service provider we want to offer the most up-to-date and effective procedures. As learned above, we ask more mundane questions and thank the bank staff for their help in improving our services.
With the merchant ID we are now able to contact the bank and query which funds have been transferred to where. Further required information can be requested from the clients, since we are snooping around on their behalf.
The trick in the whole thing is to give away supposedly harmless information, therefore would like to encourage all readers to think about it to whom you pass on which information.
Can this information serve as a piece of the puzzle for a coup?
If I pass on information, can I be accused of negligence?
(In our example this will probably "only" end in a War of the Roses)
It is difficult to protect oneself against the demand for the correct jargon, as it is very common in the banking profession and is therefore an object of everyday life.
But what you can defend yourself against was the position in which you are asked by the "customer service" of the cooperation partner. If the question seems suspicious to you, you can ask for a callback number and your name, because something is interrupting your phone call. In this case this was the biggest weakness of the private detective. One could also call the cooperation partner and ask that such a query of the "service" has been made, with a negation one could inform the bank and put it on alert.
I understand that cyber security is a whole lengthy topic on its own and people who are moving in the direction of this filed needs to be extremely smart and knowledgeable.
Absolutely, they even require information about specific processes of the working habits in a bank. A merchant ID's, branch numbers of domestic or international branches are sometimes a must have. For example the german police is living strong in bondage with authorities. An unexpierenced police officer can be outwitted by mentioning the name and rank on Phone.
That's why I want to introduce simple tricks with cool examples to sensitize the community for such topics. I have to accept, that this post is more specific about Phone calls, but you can transfer it to an conversation by E-Mail and faked questionaires. By the way thank you a lot for your comment. I should expand my next Post about the possibilities, how the trick can be transferred. :)
you have to be very careful to avoid fraud, well today social engineering is used to get hold of people's money, so the wisest thing to do is be careful.
Yes, it can ruin your life, besides it can ruin the life of the victims. That's why we should educate us together in this Community. Maybe my next post Will be about the "Mermaid call".