The Environment Must Be Suitable


Your Environment Must Be Suited To The Nature Of Your Target.

Regardless of whom you're social engineering and the number of times you've hit the SE over and over again, the fact is, there are no two SEs that are a carbon copy of each other; they will differ to some degree. For instance, let's say you're planning to hit a telecommunications company by pretending to be an employee from another department in the same complex, with the objective to manipulate their representative into reading out the default four-digit PIN code to access every user's voice mailbox on the same network. After a somewhat lengthy procedure and having to authenticate yourself a number of times, you've finally succeeded and achieved your goal.

Now let's say you've applied the exact methodology to another company (such as a fast food restaurant) with a similar intention, by claiming to be the assistant manager from the head office who's lost the four-digit PIN code to the building's staff entrance. Yet again, the SE has worked in your favor. Although both attacks used the same manipulative tactics, "the environment they operate in" is very different from one another. The telco company is typical of an office organization with phones ringing and keyboards tapping away, whilst the fast food restaurant has cash registers opening and closing, as well as customers talking and laughing out loud.

As such, when social engineering an entity "by pretending to be an internal/existing employee", it's of the utmost importance that "your background environment matches that of your target". For example, I'll use a business that purely handles incoming calls from clients, customers and their workers, by taking all requests from any one of their offices. Now if I was calling as though I'm from the HR section with the intent to SE a worker for their password, and there are dogs barking in the background or perhaps babies crying, anyone with common sense will identify that the call is fake. Instead, I'll prepare my method by locating an "office noises/sounds clip" on YouTube (yes, there's heaps!) and play that during the time of my call. In closing and simply put, "your social engineering environment must match that of your target".