Social Engineering Attacks and Techniques
Social Engineering is the act of using persuasive techniques and deceptive tactics to manipulate
people into divulging confidential information.
Takes advantage of ingrained cognitive biases.
Key SE Attacks
Creation of a scenario that would make it easier for a target to reveal information.
Time-sensitive & involving authority
Quid Pro Quo
Performing an action that is beneficial to the target in return for favors
Aim is to create a feeling of indebtedness
“Mr. Johnson said he needs those company files immediately before he boards his flight, I don’t even want to think of how mad he’ll get if they’re not sent right away. You gotta help me out!”
Quid Pro Quo Example
“Hey, Brian from Sales here. Sent a pizza down to you guys in Tech Support for making the transition to the new database so easy! Thanks for your help! By the way, could you reset the password to my company account? It seems like I’m locked out.”
Mind Your P’s & Q’s
Very important that you appear polite and informed about areas your target is interested in
Main goal for any social engineering task is to establish legitimacy in the mind of your target
You’ve got mail!
Social engineering through emails sent to a target has proven to be a successful method for obtaining confidential information
Done by using personal information about the target and appearing trustworthy
Fill in the Blanks
A list of highly effective email templates, designed by the SE team at Div 66, is available to you in the archive [GF95YN]
Get all the information you need from the target through OSINT! (Social media, forums, etc.)
Hi [TARGET NAME],
I’m new at [TARGET COMPANY], my first week has been great and I was really happy to hear from your friend [CO-WORKER NAME] that you’re a huge fan of [TARGET FAVORITE MUSICIAN]! I love that kind of music too, looking forward to the next album. I wanted to just introduce myself and ask if you were free next Friday? If so, we should go see [TARGET INTERESTED MOVIE/SPORTS GAME]. I think it’d be a great way to get to know each other.
Also, I wanted to know what the pin for the orders access portal is? They left a note on my desk about it, but I must have misplaced it and I’m a bit embarrassed to ask for another one.
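
Seen from the receiving side, every message above pairs a persuasion cue (urgency, invoked authority, a favor, rapport) with a request for something sensitive, and that pairing can be screened for. The sketch below is an added example, not part of the original slides; the names `CUES`, `ASK` and `score`, and the patterns themselves, are illustrative assumptions rather than a vetted ruleset.

```python
import re

# Illustrative cue patterns (assumptions, not a vetted ruleset).
CUES = {
    "urgency": r"\b(?:immediately|right away|asap|urgent(?:ly)?)\b",
    "authority": r"\b(?:mr|mrs|ms|dr)\.\s+\w+|\b(?:ceo|director|manager)\b",
    "reciprocity": r"\bsent (?:a|some) \w+|\bthanks for your help\b",
    "rapport": r"\bi'm new\b|\bintroduce myself\b|\bhuge fan\b|\bget to know\b",
}
# What the sender is ultimately asking for.
ASK = r"\b(?:password|pin|passcode|credentials?|company files)\b"


def score(message):
    """Return the persuasion cues found and whether to flag the message."""
    text = message.replace("\u2019", "'")  # normalize curly apostrophes
    cues = [name for name, pat in CUES.items() if re.search(pat, text, re.I)]
    sensitive = bool(re.search(ASK, text, re.I))
    # Flag only when a sensitive request rides on a persuasion cue.
    return {"cues": cues, "sensitive_ask": sensitive,
            "flag": sensitive and bool(cues)}


# Sample inputs: the first two are quoted from the slides above,
# the last two are constructed for this example.
PRETEXT = ("Mr. Johnson said he needs those company files immediately before "
           "he boards his flight, I don't even want to think of how mad he'll "
           "get if they're not sent right away. You gotta help me out!")
QUID = ("Hey, Brian from Sales here. Sent a pizza down to you guys in Tech "
        "Support for making the transition to the new database so easy! "
        "Thanks for your help! By the way, could you reset the password to "
        "my company account? It seems like I'm locked out.")
RAPPORT = ("Hi, I'm new here and wanted to introduce myself. Also, what is "
           "the pin for the orders access portal? I misplaced the note.")
BENIGN = "Reminder: the password rotation policy changes next month."

if __name__ == "__main__":
    for name, msg in [("pretext", PRETEXT), ("quid pro quo", QUID),
                      ("rapport", RAPPORT), ("benign", BENIGN)]:
        print(name, score(msg))
```

The benign control mentions a password but carries no persuasion cue, so it is not flagged; a flag is a prompt to verify the sender out of band, not a verdict.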