|Although blagging can be done in person, the safest and most common method is by telephone|
(photo by Ben Cooper)
Verb & noun. Mid-20th century.
[from BLAGUE; perhaps also a weakening of BLAG noun a violent robbery.]
A. verb trans. & intrans. Inflected -GG-. Coax or persuade (someone) by pretence, deceitful talk, etc.; scrounge (something).
B. noun. A tall story, bluff, or pretence; a hoax or con.
Also: BLAGGER noun. M20
Noun. Mid-19th century.
Noun. Plural pronounced same. Late 19th century.
[French, formed as BLAGUE + -eur -OR.]
A pretentious talker; a joker, a teller of tall stories.
As a tool of private detectives and journalists, blagging has been in the news a lot in the past few years. While there are different names and definitions for blagging, it all amounts to the same thing - tricking someone into handing over information that they wouldn't choose to do otherwise.
Infamous hacker Kevin Mitnick uses the term "social engineering" in his book The Art of Deception. His philosophy is that, regardless of the technological and physical security in place, the human element will always be the weak link in the chain. Therefore, rather than the more difficult and time-consuming route of hacking into a target company's internal servers, it's easier to simply phone a company employee and get them to hand over the password through blagging.
To illustrate how this might be done, imagine that the target company is a large multinational corporation. If a blagger wanted access to their internal systems, he might phone around various departments and staff members (lists of direct extensions are often available online and, if not, are easily obtained through a separate blagging exercise). On each call, the blag would run something like: "Hi, this is Joe from the IT department. I have a report that there's a problem with your computer." It might take a few calls but invariably someone will eventually be found that is having a problem with their computer and is desperate for help in fixing it. Once in, the blagger will not only help the worker fix their problem over the phone, he will dupe them into installing spyware and get them to hand over their login details and password. When the call is over, the unaware worker is delighted that their computer glitch has been genuinely fixed, and the blagger now has permanent access to the company servers (as well as a 'contact' with whom a bond of trust has already been established if ever there is need of future blagging calls).
This is just one possible example of many, many different forms of and approaches to blagging. And if you're thinking: "Oh how stupid can you be? I'd never hand over information like that!" then I dare say that you're kidding yourself. Professional blaggers are indeed very professional, disarmingly charming and uncannily convincing. In fact, it's quite possible we've all been blagged already - we just don't know it.
|If you should realise you've been blagged, the chances of you finding out by whom are slim indeed|
(photo by Mr Hayata)
Have you ever been blagged?
Are you a blagger?
Are you one of the few too savvy and streetwise to ever be blagged?
Do leave your comments, passwords and credit card details in the box below.