Confessions of a confidence man – a book for suckers (1923) by Edward H. Smith telling the story of William C Crosby.

But… it's from almost 100 years ago! How could it be relevant to modern cyber crime (compared to, say, the cyber kill chain)? We’ve used this technique on ethical penetration tests and vulnerability assessments.

Smith goes through the six stages needed to set up a con:

Foundation work – the con artist figures out which supporting people he needs in which roles, and plans the con. People tend to trust what someone else says about you more than what you say about yourself, so having another person vouch for you is always helpful.

Approach – the victim is contacted. The method, medium and first impression are always crucial.

Build up – the victim is given some honey pot or other sweetener to induce them to enter the scheme. Greed and quick thinking bring out the worst in people.

Pay-off – when people see a tangible reward, all cynicism or caution will normally be forgotten. The payoff can be a fake dividend, for example.

The Hurrah – crisis / change of events, and now the victim must make a quick decision. All effort and preparation is made so the victim’s decision is most likely to go in one direction.

In-and-in – an actor from the ‘foundation work’ who seemed skeptical and cynical about the deal earlier now goes all in. This emboldens the victim.

There was no tech when Smith wrote the book, only human nature. Tech changes, people don’t.