Latest Social Engineering Posts

Be Realistic About Your Target


Use Common Sense By Being Realistic About Your Target.

Those who know me In the social engineering community that I'm registered with, are well aware that I've always stood by the fact that "anyone on any level can be manipulated and exploited", Irrespective of their nature and level of complexity. Given the human mind Is the weakest component In every security configuration, with careful planning and strategic formulation & execution, It doesn't take too much effort to get the person on the other end of the conversation, to perform actions that they're not supposed to do to begin with. That's the power of human hacking- the SE'er, can basically convince his target to dance to his tune (so to speak.) As a result, they'd give away confidential Information or transfer funds Into his account, unbeknownst to the fact that their behavior Is the result of being brainwashed via powerful social engineering attack vectors.

Now when I say "anyone on any level can be manipulated and exploited", evidently It's based on feasible and attainable scenarios and when I personally SE under these attributes, I maintain a 100% success rate- there's no Ifs, ands, or buts about It. What I'm predominantly referring to Is SEing online stores to the likes of Currys PC World, Logitech and (stating the obvious) Amazon for refunds and replacement Items. However, they're all done well within reason and my goals are "realistic", and not something that's Improbable and far fetched- as this Is a major reason why the majority of SEs fail. As an SE'er yourself, It's of paramount Importance "to be realistic about your target", and not attempt to social engineer things that're Imaginary and way beyond the point of reality. In doing so, Is not only a complete waste of time, but It can also have a significant negative Impact on your confidence level.

For example, let's say you're looking to SE a nice gaming laptop with a weight of 4.5 Kg by using the "missing Item method". Given all packages are weighed on consignment, how do you justify that the package you received from the carrier, was 4.5 kg lighter compared to the weight taken at their depot as It was being loaded Into their van to be delivered at your address? I'll answer It for you- "you can't". Believe It or not, I've come across many social engineers who've attempted this, only to be disappointed with the result. Or perhaps "boxing the company" with an Item of 20 Kg, by adding dry Ice as the weight substitute. It's virtually Impossible to calculate the sublimate time (of the dry Ice), from the collection point, to the carrier's storage facilities and when the package finally reaches Its destination. As you can see, both events are fanciful and not based on Incidents that have even the slightest chance of succeeding. The message Is pretty clear- set yourself some "realistic goals" and you'll find that regardless of complexities, the SE will work In your favor.