Latest Social Engineering Posts

Executing The Attack

 

 How To Execute The Social Engineering Attack Effectively.

There's a lot happening In the complex mind of the social engineer, who's constantly facing challenges to get what he's after, such as SEing an ISP to get his victim's login credentials, or hitting a major online retailer for a 3,000$ laptop by using the good old DNA method. At times, Instances of this nature may appear somewhat challenging at first, but they're easily circumvented by being confident, adamant, persevering with the task at hand and taking control of the entire SE. All these attributes play a significant role In the outcome, namely (and obviously) to achieve a successful result with the SE'ers objective, like receiving a refund from Logitech for the Bluetooth Wireless Headset using the serial number method. However, this Is of no value If the social engineer does not have the skill set to "execute his attack effectively with each and every SE performed". As a social engineer yourself, how do you ensure that your attack vector will do the job as Intended? Allow me to demonstrate a simple example as follows.

Choose A Gateway You're Most Comfortable With

In terms of hitting online stores by manipulating their representatives for refunds and replacement Items, nowadays, the three most common forms of contact are "live chat", shooting off an "email" and of course, getting on the "phone" and generating a call. Although they all serve the same purpose to get In touch, they're not equally suited to every social engineer, hence you must choose one that you're comfortable with, otherwise the execution of your attack WILL fail and evidently, so too will the SE. There are no hard and fast rules with how you decide to communicate with a company's representative, but rather "based on how confident and comfortable you are with the gateway that you select". For Instance, If you are somewhat Indecisive or perhaps a little nervous with Instant replies to requests, then "do not opt to speak with someone over the phone". Instead, write everything down In an email message- you'll have all the time In the world to not only document your reply, but to also proofread It, thus making sure It's accurate and effective prior to responding.

On the other hand, you could be the type of social engineer who has difficulty In translating your thoughts Into text format, but great during real-time verbal communications, therefore both live chat and email transmission are not suited. As such, "conversation on the phone Is your strength to execute your attack successfully". There are no fixed or definite rules with what you choose to get In contact with a representative, but "It must be one that you can relate to In every facet". On the grounds that you've been social engineering for quite a while, It won't be hard to Identify the one that's suited to your ability In getting the job done- the number of failed attempts will make the decision for you. Do remember that this Is the execution of your attack and sometimes you only get one shot at It, so make It count by selecting the one that you excel at.



Comments