0
1 votes
Social Engineering , The Best Way Into A Victims Life.
16 December 2010
I've always been a huge fan of social engineering, I love to manipulate people into doing what I want, and giving me the information I need. The thrill and happiness behind a successful manipulation is fantastic. And we all know, the weakest part of a security system, is the human using it.
We got multiple ways to manipulate the victim into giving away the information we need to make an attack or identity fraud. I will get into each of this techniques and explain in depth, and giving away some personal tips. The first technique I will explain is the "pretext technique".
Pretexting
The pretexting technique involves some research on the victim before we may start to fish out more information, and get more into this persons life. Information that would be handy is stuff like:
You would need some of these items to start with the pretexting technique and establish legitimacy in the mind of the target. Targets in this case would be to trick more information out of a business, like telephone records, banking records and other handy information right from the company service representatives. And this infomation can help you to obtain even greater legitimacy and you would be able to do even more stuff with the victims information, like make account changes, get specific balances and more specific information.
Pretexting is often used to impersonate co-workers, police, bank , tax authorities, insurance agents and of course the victim u have gathered information about. In most cases all you need is a voice which sound authoritative, sound earnest and a good ability to talk and trick people, its also important to study the victims information and know all the information well so u can answer anything blindfolded and without thinking. You do not want to slip out an "ehhhh" "uhh" during these calls. That could be crucial..
Phishing
Who hasnt been out a late night with their fishingrod, looking for some fish? I'm just kidding.. Phishing is a metod that is used alot to gain access to different accounts. Usually the "hacker" are sending emails from the firm that owns the product (email spoofing), and tells the bait to log in at the scammers site, that looks just the same as the genuine site. This site is grabbing the users password and/or the users information, such as name, location, phone number, email, social security number. This is a very clever way to lure the private information from the bait. And this is an excellent start for pretexting, pretexting would be perfect after the phishing sessions if it ends up with success, and you can get into the victims life! Sadly, most people are very observant at scam attempts these days, so you gotta be clever and make some really genuine site to make this work. And usually the spoofmail gets in the victims trashcan. So I would recommend to spread the phishingsite through other social media, like facebook, msn etc.
I will add more to this blog, just follow and more clever ways into a victims life will be explained.
We got multiple ways to manipulate the victim into giving away the information we need to make an attack or identity fraud. I will get into each of this techniques and explain in depth, and giving away some personal tips. The first technique I will explain is the "pretext technique".
Pretexting
The pretexting technique involves some research on the victim before we may start to fish out more information, and get more into this persons life. Information that would be handy is stuff like:
- Social security number
- Birthdate
- Bill number, and bill amounts
- The victims full name
You would need some of these items to start with the pretexting technique and establish legitimacy in the mind of the target. Targets in this case would be to trick more information out of a business, like telephone records, banking records and other handy information right from the company service representatives. And this infomation can help you to obtain even greater legitimacy and you would be able to do even more stuff with the victims information, like make account changes, get specific balances and more specific information.
Pretexting is often used to impersonate co-workers, police, bank , tax authorities, insurance agents and of course the victim u have gathered information about. In most cases all you need is a voice which sound authoritative, sound earnest and a good ability to talk and trick people, its also important to study the victims information and know all the information well so u can answer anything blindfolded and without thinking. You do not want to slip out an "ehhhh" "uhh" during these calls. That could be crucial..
Phishing
Who hasnt been out a late night with their fishingrod, looking for some fish? I'm just kidding.. Phishing is a metod that is used alot to gain access to different accounts. Usually the "hacker" are sending emails from the firm that owns the product (email spoofing), and tells the bait to log in at the scammers site, that looks just the same as the genuine site. This site is grabbing the users password and/or the users information, such as name, location, phone number, email, social security number. This is a very clever way to lure the private information from the bait. And this is an excellent start for pretexting, pretexting would be perfect after the phishing sessions if it ends up with success, and you can get into the victims life! Sadly, most people are very observant at scam attempts these days, so you gotta be clever and make some really genuine site to make this work. And usually the spoofmail gets in the victims trashcan. So I would recommend to spread the phishingsite through other social media, like facebook, msn etc.
I will add more to this blog, just follow and more clever ways into a victims life will be explained.
. Working on the next part as we write.
