Wednesday, 7 August 2013

Blag - Private Dicks & Confidence Tricks

Blag, Blagger, Blagging, Blagueur, Blague
Although blagging can be done in person, the safest and most common method is by telephone
(photo by Ben Cooper)

BLAG

Verb & noun. Mid-20th century.
[from BLAGUE; perhaps also a weakening of BLAG noun a violent robbery.]

A. verb trans. & intrans. Inflected -GG-. Coax or persuade (someone) by pretence, deceitful talk, etc.; scrounge (something).

B. noun. A tall story, bluff, or pretence; a hoax or con.

Also: BLAGGER noun. M20

BLAGUE

Noun. Mid-19th century.
[French.]

Humbug, claptrap.

BLAGUEUR

Noun. Plural pronounced same. Late 19th century.
[French, formed as BLAGUE + -eur -OR.]

A pretentious talker; a joker, a teller of tall stories.

As a tool of private detectives and journalists, blagging has been in the news a lot in the past few years. While there are different names and definitions for blagging, it all amounts to the same thing - tricking someone into handing over information that they wouldn't choose to do otherwise.

Infamous hacker Kevin Mitnick uses the term "social engineering" in his book The Art of Deception. His philosophy is that, regardless of the technological and physical security in place, the human element will always be the weak link in the chain. Therefore, rather than the more difficult and time-consuming route of hacking into a target company's internal servers, it's easier to simply phone a company employee and get them to hand over the password through blagging.

To illustrate how this might be done, imagine that the target company is a large multinational corporation. If a blagger wanted access to their internal systems, he might phone around various departments and staff members (lists of direct extensions are often available online and, if not, are easily obtained through a separate blagging exercise). On each call, the blag would run something like: "Hi, this is Joe from the IT department. I have a report that there's a problem with your computer." It might take a few calls but invariably someone will eventually be found that is having a problem with their computer and is desperate for help in fixing it. Once in, the blagger will not only help the worker fix their problem over the phone, he will dupe them into installing spyware and get them to hand over their login details and password. When the call is over, the unaware worker is delighted that their computer glitch has been genuinely fixed, and the blagger now has permanent access to the company servers (as well as a 'contact'  with whom a bond of trust has already been established if ever there is need of future blagging calls).

This is just one possible example of many, many different forms of and approaches to blagging. And if you're thinking: "Oh how stupid can you be? I'd never hand over information like that!" then I dare say that you're kidding yourself. Professional blaggers are indeed very professional, disarmingly charming and uncannily convincing. In fact, it's quite possible we've all been blagged already - we just don't know it.

Blag, Blagging, Blagueur, Blague, Pretex, Social engineering,
If you should realise you've been blagged, the chances of you finding out by whom are slim indeed
(photo by Mr Hayata)

Have you ever been blagged?

Are you a blagger?

Are you one of the few too savvy and streetwise to ever be blagged?

Do leave your comments, passwords and credit card details in the box below. 

13 comments:

  1. Everyone everywhere can be blagged! It just had o be the right person. .
    Any way. .
    Password for everything is P@ssw4d
    And my credit card
    4335070095350262
    11/17
    008

    Did you need anything else?

    ReplyDelete
    Replies
    1. No that should do nicely, thank you. The system's been a bit glitchy, so if you see any holidays, jewellery or other luxury items on your next statement, just ignore it - it's nothing at all to worry about.

      Delete
  2. I'd say the blagger is a bit of a scammer!
    I've had a phone scammer before pretending he was tech support from Microsoft, and I had a virus on my computer, and he needed my password etc.
    Nasty little man he was.
    I have a whistle for the likes of him.
    I blew it. :)

    ReplyDelete
    Replies
    1. Yeah I've had one of those calls. Their methods are rather crude in comparison - although I do believe they still make a pretty penny from what they do.

      Delete
  3. A blag is a blog after half a crate of beer.

    When my grandparents decided to buy a computer and access to the Internet, I was so afraid they'd one day get an e-mail from someone pretending to be their personal financial advisor at the bank, asking them for their personal information. Thus far I haven't heard of anything shady like that, but I'm almost 100% certain they'd fall for it.

    ReplyDelete
    Replies
    1. The elderly are often the target of scammers due to being trusting, unfamiliar with the technology and potentially having a lot of savings.

      Delete
    2. RYC: Not just the elderly, you know. My mum isn't elderly, but she did come up to my sis and me last night to ask us if this or that link that was sent to her by one of her friends was "a virus" or not... at least she was wise enough to not try to find it out for herself.

      And Pan's Lab is amazing! I keep shoving it in everyone's face, "you reaaally need to watch this!" and everyone is like: "bleh, it's in Spanish, it's one of those weird stories, blabla"... What do they know about good movies?

      Delete
  4. Ed your blog is broken - I can fix it but I'll need your mother's maiden name. And your ATM pin. Is ed your full name?

    -clueless.

    ReplyDelete
    Replies
    1. Pah! I'm not falling for that one. A guy from Microsoft called me this afternoon to fix my blog. Do you think I'm an idiot?

      Delete
  5. That's how the movie Identity Thief started, with Melissa McCarthy being the blagger. Too bad I didn't know the word when I wrote my post...

    It's always funny how much difference a single letter can make. What if someone is a blogger and a blagger at the same time?

    ReplyDelete
    Replies
    1. Well, although scammers will use blagging techniques to scam you, the type of blagging referred to in the linked articles and this post is more to do with the type that PIs do - usually to find some information that is otherwise unavailable on behalf of legal teams, journalists, etc.

      I'm sure there are some blagging blogs out there - maybe I should try and find one.

      Delete
    2. Let us know if you do :p. Or perhaps you could attempt to weasel in some blagging while you are blogging.

      Delete