October 13, 2016
Practical Social Engineering Tactics
Attackers know that hacking a WiFi key is just a temporary thing. Maybe they think, why not hack the entire connection instead? Here are some basic "tried and true" social engineering tactics that actually work and that you should be aware of. Don't get taken advantage of by these simple actions.

1. The Cold Call

When hacking something, port scanning is done first to understand the target and system flow (services, etc.). Short calls to your ISP can be made asking to change or reset your password.

A simple conversation might go like this:

"Hey, this is J**N here. How can I help you?"

"Hello, I just want to change my PPPoE password. I recently did a reset on my router, and I forgot the password. How can I change that?"

"Username please?"

"My username is ******"

"Is this your number? 7*******28??"

"Yes, this is mine."

"And blah blah blah is your address??"

"Yes Yes..."

"You have to msg PASS followed by your username, and your reset password will be sent to your phone. You will soon find this format in your message box."

"Fine, Thanks"

"Something else, sir?"

"No"

"Have a good day."

Conclusions:
- Only a username was requested. This can be easily acquired.
- If access to the phone connected to the account could be gained, the password-reset SMS could easily be intercepted.
- Just answering "yes" was insecure on the company's side.
- The phone was the vulnerability here.
- They verified the caller using information that was publicly available.
- What was needed to change the number?
  - The old phone number
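
For the last conclusion, one way a provider could require control of the old number instead of knowledge of it. This is an added example, not code from the original post or from any ISP; `NumberChange`, `send_sms`, the code lifetime and the attempt limit are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 300       # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong codes allowed before the request is voided (assumed)

def _digest(code):
    return hashlib.sha256(code.encode()).digest()

class NumberChange:
    """Hypothetical handler for 'change the phone number on my account'."""

    def __init__(self, accounts, send_sms, now=time.time):
        self.accounts = accounts    # username -> phone number on file
        self.send_sms = send_sms    # callable(number, text): SMS gateway stand-in
        self.now = now
        self.pending = {}           # username -> [code_hash, new_number, expires, tries]

    def request(self, username, claimed_old, new_number):
        on_file = self.accounts.get(username)
        # Knowing the old number proves nothing (it is often public);
        # it only filters out requests that are plainly wrong.
        if on_file is None or not hmac.compare_digest(on_file.encode(), claimed_old.encode()):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = [_digest(code), new_number, self.now() + OTP_TTL, 0]
        # The code goes to the number on file, never to the new number.
        self.send_sms(on_file, f"Code to change your number: {code}")
        return True

    def confirm(self, username, code):
        entry = self.pending.get(username)
        if entry is None:
            return False
        code_hash, new_number, expires, tries = entry
        if self.now() > expires or tries >= MAX_ATTEMPTS:
            del self.pending[username]      # expired or locked out: start over
            return False
        entry[3] += 1
        if not hmac.compare_digest(code_hash, _digest(code)):
            return False
        del self.pending[username]          # one-time use
        self.accounts[username] = new_number
        return True
```

This closes the "old number is enough" gap only; whoever holds the phone still passes, which is the page's point about the phone being the vulnerability.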