Little Red Riding Hood: CyberHero 2021

Little Red Riding Hood was going to visit her grandmother. Red’s mother packed a nice lunch and treats for Grandma and told Red to deliver the package. She told Red, “Stay on the sidewalk, don’t talk to strangers, and call me when you get there.”

Red – being a very typical kid – said, “I know mom! I got this.”

Red went to Grandma’s and, on the way, she met a really nice guy named Steve Wolfer, aka: the Wolf. Steve said he knew Red because she and his daughter went to school together. In fact, he seemed to know a bit about Red. Even though Red knew she wasn’t supposed to talk to him, he seemed safe enough, so she chatted with him.

Red told the Wolf that Grandma wasn’t feeling well. The Wolf seemed really interested in what she was saying and asked questions that seemed innocent enough… like what was wrong with Grandma?, where did she live?, how long did she live there?, did she live alone or did she have help? Once the Wolf got the information he wanted, he tricked Red again.

“Hey, you said your Grandma isn’t well. There’s a flower shop just down the street. You should stop and grab flowers for her.”

Red said, “Oh, my mom told me I should go straight to Grandma’s.”

“But,” the Wolf persisted, “imagine how happy she’ll be to have flowers. You’ll show her how much you care about her!” This convinced Red and she went to the flower shop. While she was distracted, the Wolf went straight to Grandma’s house.

When he got there, he used the information Red shared to trick Red’s grandmother, as well. He said, “Grandma! I ran into your granddaughter, Red, on the way here. Our kids go to school together and – Grandma, I’m sorry – but Red’s been hurt, and she needs help! She can’t reach her mother and asked me to get some money so she can cover her Uber and the hospital co-pay. She said to ask for your credit card. This is an emergency!”

Grandma, feeling overwhelmed and scared, didn’t hesitate to give her credit card to the Wolf.

When Red arrived at Grandma’s 30 minutes later, totally healthy and bearing treats and flowers, both she and Grandma realized they’d been victims of… social engineering.

Moral of the Story

This is a pretty classic example of social engineering. The Wolf cleverly asked Red questions in such a way that Red didn’t even realize she was revealing personally identifiable information (PII) and personal health information (PHI) to him.

The Wolf was able to use readily available information about Red from the internet, including what school she went to, her interests and hobbies, and even her friend’s names. And using this information, he tricked her into believing they knew each other which, in turn, made Red trust him enough to reveal even more information. He distracted her and then used the information to scam her Grandmother.

Social engineers – wolves – will go to great lengths to fool us. Their desire can be as devious as completely obliterating your bank account, or as sinister as revealing PHI or other personal information just to humiliate you. It’s important to remember that social engineers aren’t necessarily technically proficient. The Wolf didn’t need to do anything more than check out Red’s Facebook profile to learn about her likes and dislikes, her friends, and where she went to school.

Just like it doesn’t require technical proficiency to be an internet scammer or cybercriminal, it doesn’t require technical proficiency to stop cybercrime. It just takes a bit of attention and practicing what you’ve learned. You can download and use three family pledges to be cyber secure from the Connect Safely website.

OIT is always seeking to improve customer service to ensure VA consistently delivers exceptional customer service to our Veterans. We believe anyone can be a CyberHERO. You’ve heard the saying “knowledge is power,” but really, applied knowledge is power. So, it’s not just what you know, it’s what you do.

---

Submitted by VA’s Office of Information and Technology.