Unsolicited Approaches

August 13, 2012

In keeping with the themes of social engineering and elicitation its a good point to discuss the need to be wary of unsolicited approaches. We also need to be mindful that these approaches are not necessarily made in person although they can be. In today’s technological world they are frequently also made via email or through social media.

These types of unsolicited approaches are made by criminals and other dangerous people for a variety of reasons. Their objective is often fraud or theft of proprietary or classified information or other sensitive data. Sometimes – as we saw in the case of the Colombian Facebook kidnapping gang it can be to facilitate more violent crimes such as kidnapping, armed robbery or rape. Anytime people you don’t know seek you out – whether in person or online – you should look at the situation with a critical eye and question their motivation.

I once attended a counterintelligence presentation that addressed this issue. The instructor – a short, overweight middle-aged man with a beard and glasses wearing suspenders and a bowtie – stepped to the podium. He began by saying how when he was at home in the US he couldn’t get an attractive women to give him the time or to even spit on his shoes. But when he goes overseas its another story. He turns into Brad Pitt and beautiful women at the bar flock around him. He gets phone calls from women and has them knocking on his hotel room door at all hours of the night.

The point is well made. If these types of things don’t happen to you regularly at home why are they suddenly happening when you arrive in country X? His presentation was focused on counterintelligence but the motivation may be different and probably related to separating you from your money in some way. The broader concept is that you should be cautious of someone’s potential ulterior motives if you are approached unexpectedly.

Sometimes these are “cold approaches” that come largely out of the blue and some are “warm approaches” where the person may have gathered some basic information on you (often through social media or other Internet resources) and has – or purports to have – something either professional or personal in common with you. This is one of the risks of posting too much on social media sites, especially concerning hobbies, interests and other things that can be used as a vehicle to get in contact with you, establish rapport and so forth.

These warm approaches can take places over time and may be very effective in getting you to gradually lower you guard. It appears that was the case in the Colombia Facebook case. The kidnap gang was apparently successful in convincing their wealthy male victims via Facebook that they were attractive women and by cultivating an online discussion and ultimately enticing them to come to a physical meeting where they were subsequently drugged and kidnapped.

There can also be “cold approaches” where you are approached by a stranger who initiates conversation without any prior connection of any sort.

Be wary – but not paranoid – if you are approached by a stranger. Always look at the situation with a critical mind and ask yourself what ulterior motives or hidden agendas might exist. You do not need to be rude but be cautious, especially if the situation seems unusual or outside your usual frame of reference.