Latest Social Engineering Posts

Every Attack Must Have A Method

 


Every Social Engineering Attack Must Have A Method.

Social engineering Is a very powerful tool that's predominantly used to obtain confidential Information from unsuspecting victims, such as usernames & passwords, email addresses, date of births, phone numbers and the list goes on- with the Intention to build Identities from the ground up or perhaps compromise accounts and transfer funds Into the SE'ers credit card. If you Google Its definition, you'll read a lot of resources relating to this and more, such as Infecting computers with malware with the objective to gain remote access and steal sensitive data. However there's one type of social engineering methodology that you will not find on major technology-based and security websites, namely "company manipulation and exploitation". This Is known as "the new breed of human hacking", that takes an exceptional set of skills to get the job done without fail. 

It relates to SEing online stores to the likes of John Lewis and Amazon, by manipulating their representatives to Issue refunds and replacement Items by using what's called a "method", which supports the attack vector all the way to the end - an outcome In favor of the SE'er. So what exactly Is a method and how Is It used? In simple terms, It's the backbone of every social engineering attack and without It, the SE will not move forward. For example, In order to grab your target's user credentials, you first need to figure out "how" you're going to do It by formulating a "plan", thereby you have a foundation to work with during your exploitation. That's precisely what a method Is- a "plan" that guides your attack vector In a positive direction and helps maintain Its consistency throughout the entire duration of the SE. There are many methods to choose from, but It's not as simple as opting for the first one that comes to mind. To give It the best chance of success, It must be compatible with the nature of the Item.

For Instance, there Is (but not limited to) the "leaking battery method", "missing Item", "partial", "wrong Item received", "sealed box", "boxing" and many more- all of which MUST be prepared and applied accordingly. There are no Ifs, ands, or buts about It! It's absolutely Imperative that you make the correct decision right from the get-go, as It will ultimately determine whether you'll successfully refund that beautiful gaming laptop, or prematurely end your SE due to your Incapacity to opt for a suitable method. It's way beyond the scope of this article to elaborate on that, so please refer to my tutorial here that I've written on my other blog. In closing and on the grounds that you've read my tutorial as per the above link, you're now well aware that every attack must not only have a method In place, but also one that supports It by leaving nothing to chance





Comments