How do you?

Social engineering is the art of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim.

Re: How do you?

Post by Jack_Payne on Sun Sep 13, 2009 1:19 am

It is not overly difficult. The biggest thing you need to be able to do is have confidence. Act as if you belong, whatever the situation is, and typically nobody will question you. Now, as far as the question "Who would be stupid enough to fall for that?" it's really quite easy. I will give a quick example: (please note, this is for educational purposes and shouldn't be attempted or copied if it would lead to any illegal activities)

There are applications that you can use to disguise your phone number, a notable one being Spoof App. So, let's just say you want to get a teacher's password at school (or you could just say an employee's password at a corporation... most of this process would probably work well in that context) (please remember, I am merely using this for educational purposes!). Well, you obviously already have the name of the teacher that you are trying to get a password for. Chances are it isn't that hard to obtain their username either, by some observation (or, for instance at my school usernames are determined by the first letter of your first name, followed by a period and then the last name). Then, you find the head of the IT department for the school, and hopefully a phone number to reach that department, or the head of it. You then fake the phone number, and call up the person of choice. Give them something like: "Yes Mr. John Doe it seems we are having a problem with your account down here at the IT department and Mr. (head of IT department) wanted me to take a look at it. Unfortunately, he forgot to tell me your password. He's in a meeting right now and it would save me a lot of time and a headache if you could help me out."

It can be that easy. You just have to act like you belong, know the right names to mention and most of all, try to be charismatic. By mentioning something along the lines that they would be helping you out, you trigger an emotion within your target that makes them feel compelled to help you.

Please also note that this wasn't exactly an incredibly smart excuse for obtaining a password, but I was just trying to make a point.


Re: How do you?

Post by Syncvoid on Tue Jan 26, 2010 5:54 pm

Social Engineering can be as natural as meeting a person.

You can take SE really far, but it's probably very easy for you to target people of your own culture, background, and local community. This is especially true if you would think about testing it out on people. Simply "getting to know someone" can yield tons of information that can apply to your trade.

Personally, I think a good SE will be a jack of all trades. What I mean by this is, they know enough about topics that are discussed in a particular group, but they are not necessarily a guru on the subject. Just being able to discuss a topic on a level beyond just "hearing about" can open more doors for you.

Another good way to SE (This is very true with technology) is to be an "expert" on it. Sounding and acting like you know what you're talking about will gain confidence and trust (Trust is usually the goal). Young people who use computers can tell when a person is BSing about technology, but if you have a little passion behind what you are saying, you can talk over their heads to the point of them just accepting what you're telling them. Older people are similar.

But SE goes beyond what I talked about, WAY BEYOND.

If I had to give some tips based on personal experience (You don't even need to have any malicious intent):

Recognize the value of information - Being from America, I can tell you people want attention, so much so they are a walking recorder willing to hit play on their personal lives.

Critical thinking - Many people don't do this. There is a good chance many posters don't do this. Arguments are full of information (Emotions have a higher effect on people than facts). Being able to see both sides, play the devil's advocate, and understanding people's emotions will get you far.

Use what you know and if you don't know learn it - Here's an example. There is a kid in my IT class that is full of himself. He thinks he knows everything about computers, so much that he thought his vast experience of 1 year would outplay the teacher's 40+ years. If you recognize when you are intellectually outmatched, you're probably not going to win any SE schemes.

FYI, I am no expert, this is just personal experience. Here's a good experience for you: stop watching mainstream TV, news, and websites for a few months. Then try and watch them again and you'll see the absurdity of SE in action and the people around it buying into it. I no longer own a TV and avoid major websites and stick only with music. It's a huge perspective change to pull yourself out of that barrage.

