Research
Experience, time, and patience.

People
Find an employee to become friends with and exploit.

Relationship
If you come across as fake you will not succeed.

Viewpoint
CCTV, buildings, storage, airport & hangars, parking lots, high-rises, physical security points.

Google Maps | Citymapper | Bing Maps | OpenStreetCam

Locks in use, employee schedules (days, evenings, graveyard, weekend shifts), contact numbers and addresses, email lists, client lists, company and employee social media pages, social events, or weekend rallies.

Functional View
Technologies, devices, operating systems, software and hardware security, enterprise resource planning (ERP), company visibility, efficiency, intelligence, biz model, company website, databases, email servers, customer portals, surveys.

Dumpster Diving
Industrial, Commercial, Residential bins. Recon first.

Tailgating
Walk in behind a person who is authorized. Impersonate a delivery driver or caretaker. Dolly with parcels, clipboard. Ask an employee to hold the door open, say thanks, you've got it from here.

Pretexting
Excuse to do or say something that is false. Pretexts may be based on a half-truth or developed in the context of a misleading fabrication. Pretexts have been used to conceal the true purpose or rationale behind actions and words.

Quid Pro Quo
Exchange, trade, trade-off, swap, switch, barter, substitute, substitution, reciprocity, reciprocation, return, payment, remuneration, amends, compensation, indemnity, recompense, restitution, reparation, satisfaction, requital. In "Quid Pro Quo" business contracts, the term takes on a negative connotation because major corporations may cross ethical boundaries in order to enter into these very valuable, mutually beneficial agreements with other big businesses. In these deals, large sums of money are often at play, which can lead to promises of indefinite exclusive partnerships or promises to distort economic reports.

Scareware
Part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it.

Baiting
Dropping thumb drives with malicious payloads. Parking lots, libraries, shopping malls, and restaurants are high traffic areas. Notification upon activation. Remote attacks wreak havoc.

Response to a question you never had
Some representative has your attention. Service outage has been scheduled. Problem with one of your accounts. Verification required. Remote assistance.

Some Notes

Do not give personal information over the phone or by email.
Cross-cut or micro-cut shred old bank/cc account papers, signatures, numbers, SSN, medical, and legal info.
Travel with only the id/b/cc you need for that day.
Invest in 2- and 3-factor, hardware authentication.
Change default passwords to strong passphrases. 4 to 7 words.
Strengthen with upper, lower, numbers, and special chars.
Do not connect to WiFi without encryption.

Good Reads

Prince Harry conned by Russian telephone pranksters

IBM social engineer @_sn0ww easily hacked 2 journalists for 3 weeks.

An ethical hacker's view of cloud security risks from social engineering.

Social Engineering Circumvent Multi-Factor Authentication — .pdf FBI

How Device-Aware 2FA Can Defeat Social Engineering Attacks — Markus Jakobsson


Trackers: United States | Canada | BBB

Social Engineering

© 2020 . phishy website