The Case of the Vengeful Hairdresser

Last year I was asked by a law enforcement client to examine a set of 42 social media profiles engaged in an online harassment campaign. In-depth analysis revealed that all 42 profiles were fakes. They had been setup and were being used by a nineteen-year-old hairdresser who had been dumped by her boyfriend and was now targeting his new partner, the mother of his new-born child.

Rather than approaching the young mother directly, the hairdresser connected with her target’s friend network. Widely used in a social media context, this triadic closure ploy means that when a target eventually receives a friend invite from the fraudster, they will see that they already have friends in common and this may induce the victim to accept the request without investigating it further.

Triadic closure is widely used by financial fraudsters and by other criminals intent on subverting employees in key roles. It is also a favoured technique for grooming and stalking. It can be challenging for even well-trained and alert members of staff to see through engineering of this nature

After a few weeks, the 42 fake profiles operated by the vengeful hairdresser each had over one hundred friends, all of whom were friends of the mother. The hairdresser had surrounded her target with a network of fake connections; friends of friends and then friends of their friends; a virtual spider’s web.

This was only possible because, like many users, the new mother had left her social media profile settings at the default level; anyone could see her profile, her timeline, her photos, posts and friends list. Anyone could therefore send friend requests to her friends and create fake profiles that were of a similar type, in terms of demographic, interests and apparent lifestyle.

Leaving settings at their default level is an issue that stripes across all types of technology and default settings are rarely secure.

With her intended victim encircled, the young hairdresser then carried out the crucial phase of her attack. She created an In-Memoriam tribute page dedicated to the new-born child of the new girlfriend, bearing the child’s photo, although there was nothing wrong with the child in reality. As a result, the new mother received a torrent of condolence messages, coming not only from her friends, but from the friends of her and from hundreds of their friends. The emotional impact of this virtual death threat can only be imagined.

The example of the vengeful hairdresser is illustrative of the ruthless approach to online social engineering that is a hallmark of digital criminals, ‘cyberpaths’; online sociopaths who exclusively use digital channels. Today there are millions of such actors and the very nature of the internet fosters their development because it puts them anonymously in touch with victims at a distance. Some of their key characteristics include:

• Lack of remorse
• Lack of conscience
• Obsessive behaviour
• Strong social engineering abilities
• Some degree of technical or online skill
• Engagement in fraud, stalking, grooming, harassment or the seeking of revenge for perceived wrongs

Many internet trolls are clearly cyberpaths, as are many prolific online fraudsters.

Malicious social engineering has evolved beyond the simple con. As organisations respond to the threat of cybercrime and online fraud by introducing more sophisticated controls, cybercriminals have increasingly focused on human beings as targets. After all, we can update our software, but updating people is a much tougher challenge; just push the right emotional button and all those hours of security awareness training can suddenly become worthless.

Social engineering threats now top of the list of threats that counter-fraud teams need to understand and prepare for. In response to this, Cifas has created a social engineering 1-day course as one of the foundational elements of its new Digital Counter-fraud Learning Pathway. The course focuses on practical demonstrations of how social engineers find and exploit data, as well as the steps internet users should take to protect themselves.

To learn more about this course and all other course we offer visit our dedicated LinkedIn page and our website.