YuckTheFankees wrote:I would like to know how you prepped for the social engineering and maybe an example of one you have completed. thank you!
I have done corporate espionage on several occasions. The most important way to prep is to have a detailed back story, and be able to respond to questions without hesitations. I never ask ask for information, I volunteer information and it is an opprutunity for them to contribute to a situation. For Example, I was writing an english paper in college on Social Engineering and I had to meet with my teacher to go over the my rough draft. She was intrigued by the topic. (About a week earlier I went on the campus website and typed in my teachers username and there was a tick box for a password reminder, when I clicked submit it displayed the password reminder "dog1" so I knew the information I needed to discover... her dogs name). When I was in her office there was a picture of a dog on her desk... I guess I could have asked what her dogs name was, but the topic of my paper might tip her off, so I enterjected a story about my daughter and how whenever we got a new dog she would always want to name it after herself (we never did),but actually we named our dogs after Disney Princesses (Bella, Aurora, and Jasmine). So in an attempt to contribute to the conversation she told me the orgin of her dogs name, and all of the pets she has ever had... so to make a long story short her Password is Molly1. I didn't ask her for any information but I used basic psychology to direct the conversation. People become cautious when questioned. It is better to make them think it was their idea to to divulge the information you are looking for.
Pro tip: Hackers use social engineering to reset passwords. For example, when I set up a security question, I have an irrelevent "Key word" like "bananna", and I use it for all of my security questions, it makes it impossible for anyone to social engineer my security questions... like if I am asked, What is your home town? the answer would be "bananna" because with the internet and social media it is pretty easy to stumble accross that info and reset a password. I suggest 3 keywords in the event that there are multiple security questions. ~Happy Hacking