3.1 Volunteer Profile Option 1

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

1 hour 31 minutes
Video Transcription
Hello and welcome back to this next section on how to do a live identity hack. In this episode, we'll be discussing how to profile your volunteer. One of the areas that you need to look for is choosing the right volunteer. I've had several environments where, unfortunately, I chose the wrong volunteer,
and I'll be explaining some tips and tricks on how you can stay safe yourself
and choosing the right volunteer by utilizing social engineering techniques.
This is really important because you want this presentation to go without a hitch.
One of the first questions that I get asked us, Do I need a volunteer
or you need a volunteer? Because the whole premise of the presentation is you're doing a live identity hack on an individual, so choosing a volunteer is critical for the presentation itself to succeed.
Why do you need to choose a volunteer? Well, like any good presentation, you want to be able to control the outcome. So by being out to determine who the volunteer is, you're not leaving things to chance.
Tops of volunteers that is suitable are ones that are very social.
And what I mean by social is anyone that is active on social media platforms. These social media platforms include things like Facebook, Twitter, instagram, Google plus ET cetera.
The more active they are, the more successful that you're going to be in doing this presentation.
What happens if you can't get a volunteer?
Well, there's a couple of stars that you can go through one. If you have some pre canned information, you might just work off that.
I've done that before. And it's not as successful as a true life. Identity had presentation. Alternatively, what you can do is just choose random names
when you choose random names, as I'm about to do in this demonstration, you're not going in and doing the identity hack on any one individual, and that there is really critical.
The reason being is is if you focus on just one person where you're trying to get their address, their data birth, I enough information to know identity theft.
If that person finds out that you've done that and that you've done it publicly, you could be in a world of hurt. They could potentially sue you so by just grabbing snippets of information from different people, and it could be in different countries it convey in different states, et cetera.
You're just providing a taste off the information
that is readily available.
What also recommend that you do is that you have a back up off. This is well, so, for example, if you can't get a volunteer, what you may want to do is you might want tohave are some common names that you've already checked out that you know are going to work.
The last thing you want to do is choose a random person,
and it doesn't come up with any information because again, then the demonstration doesn't look very good.
So how do you go about staging for success?
Well, I work off one of three principles when it comes to choosing my volunteer.
Let's go through these options now.
The first option is to ask for a volunteer a couple weeks before the event What our deal is. Our contact the organizer's off the conference or the speaking engagement on Ask for them. Thio, identify volunteer. I'll set some criteria for the volunteer,
the main one being that we need somebody that is very active in their social media profiles. I somebody that is utilizing or engaging in Facebook, Twitter, instagram, Pinterest, etcetera on a very regular basis. So what are the pros of this? Well, this allows you to profile the volunteer to ensure success.
You can have a look at that profile. Why in advance
and even build the presentation before you go and present it by having an offline demonstration. It enables you to ensure that everything goes smoothly. There was one time I did a presentation. I had chosen a random audience member,
and as we started going through the Facebook profile,
the guy went want.
As I looked up at the Facebook screen, it showed him with a photograph of him in a yellow dressing gown and bright yellow chicken slippers. He was really, really embarrassed by it, and he forgot that he posted this Facebook picture on his profile.
So you want to ensure that the volunteer that you work with them on the presentation itself?
What I always do with the volunteer is I will go through the presentation with them beforehand to ensure that than Stan exactly what information I'm showing them and that they approve that information being shown publicly.
A good example, that is, I worked with another volunteer and I was going through the presentation with
and she was quite happy to form A to show some basic information about her Children. But she didn't want me to show some posts on Facebook where those kids played football or soccer or where they did ballet.
And so I was able to remove that particular slide from the presentation itself.
It also allows you to check the information with your volunteer to make sure that it is correct. How do I go about doing this? Well, I'll ask for the volunteer
and sometimes they'll ask May. Well, why why you actually wanting to get a volunteer beforehand and that's when I'll talk to them and I'll say, OK, look, the reason why I want to volunteer is because I want to make sure that one, the presentation goes smoothly and two,
that the bones here is comfortable with the information that I'm presenting because
we are dealing with sensitive information here and that's really important. I use the same lines.
When I talk, Thio volunteer themselves. I want to reinsure them that the information that I'm providing to the audience, which can be a bunch of complete strangers that they're comfortable with it.
One of the downsides of doing a presentation like this is that some people within the audience may realize that it is a staged presentation.
Up Next