What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

Everything You Wanted to Know about Social Engineering -- But Were Afraid to Ask...


Simple Social Engineering Tricks

The moral of this story? I should get a clue! To be specific, beware of people trying to get your credit card number over the phone. Of course that means you can't buy stuff from phone solicitors. However, phone solicitors are a pestilence on society and should never get a sale anyhow. Besides, many phone solicitors who have nothing to do with hacking are also involved in scams.

Password Scams

Next to credit card scamming, perhaps the most common social engineering tactic is to trick people into giving out their passwords. Following is an example of a script that some people have used on AOL Instant Messenger chats:

Hello from America Online! I'm sorry to inform you that there has been an error in the I/O section of your account database, and this server's password information has been temporarily destroyed. We need you, the AOL user, to hit reply and type in your password. Thank you for your help.

Or it might come as a phone call:

Hello, I'm a tech support person with your Internet Service Provider. We have a problem with your account and need your password in order to fix it.

If you are reading this book, you probably are knowledgeable enough to see through these simple scams. However, even experienced people can fall for a phone call that goes something like,

Hello, I'm from Cisco. Your coworker, Joe Schmoe, asked me to help him troubleshoot your border router. It seems something got glitched in the flash ROM and I need to tftp in some software. But he's out of the office right now and… could you give me the password? If I can't fix it right now, I have to leave in half an hour for an on-site job, and I'd hate for Joe to get into trouble with his boss if we don't get it fixed right away."

Yes, a social engineer may seem amazingly familiar with how your network is laid out and who your coworkers are and whether their phone just got picked up by an answering machine. A talented social engineer will do his or her homework - in depth.

More on social engineering --->

Back to the index of "Everything You Wanted to Know About Social Engineering -- But Were Afraid to Ask --->


Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

 © 2013 Happy Hacker All rights reserved.