Great example of a social engineering pen test

wes allen Member Posts: 540
"Every time we include social engineering in our penetration tests we have a hundred percent success rate," he said. "Every time we do social engineering, we get into the systems."

Fake social media ID duped security-aware IT guys | ITworld

Comments

  • SteveFT Users Awaiting Email Confirmation Posts: 149
    Pretty amazing stuff. I am completely new to the IT field as a whole. That being said, I usually follow a few rules:

    - Never accept social media requests from people you don't know.
    - Never click links that are sent via email, social media, or just in general.
    - If a woman is pretty, intelligent, and wants to talk to you, be suspicious.

    I find it hilarious and scary that this actually worked. The power of women I guess?

    As another somewhat related example of this, I swear that law enforcement in my area makes fake social media accounts. They get every naive male to accept them by using a picture of an attractive female. Meanwhile, they instantly gain access to thousands of pictures of incriminating behavior.

    Very interesting post.
  • DissonantData Member Posts: 158
    SteveFT wrote: »
    - Never click links that are sent via email, social media, or just in general.

    What if the link is for confirmation of something like an account on a site? Other than that, spot on. By the way, if they can't get to your social media account using your information, they can get to it through your friends' information.
  • j23evan Member Posts: 135
    SteveFT wrote: »
    - If a woman is pretty, intelligent, and wants to talk to you, be suspicious.

    Ah the internet. Where Men are Men, Women are Men, and Children are FBI Agents.
    https://vWrong.com - Microsoft Certified Trainer 2013-2018 - VMware vExpert 2014-2018 - Cisco Champion 2018 - http://linkedin.com/in/j23evan/
  • SteveFT Users Awaiting Email Confirmation Posts: 149
    DissonantData wrote: »
    What if the link is for confirmation of something like an account on a site? Other than that, spot on. By the way, if they can't get to your social media account using your information, they can get to it through your friends' information.

    Yes, I agree there are some links that we click and they are legitimate. Especially if I just ordered something or requested a password change. I'm talking more about the "Click here to win money!", "Click here for an awesome e-card that definitely isn't a virus", or any link that looks suspicious. I used to get PayPal phishing emails all the time. Something like <a href="http://goingtostealyourpassword.com/xatastas15151/">http://www.paypal.com/verifypassword</a>. The sad thing is I'm sure many non-tech savvy people have fallen for this.
    j23evan wrote:
    Ah the internet. Where Men are Men, Women are Men, and Children are FBI Agents.

    Awesome.
  • olaHalo Member Posts: 748
    Interesting read, thank you.