RE: how to social engineer

in #security, 8 years ago

I think I had SE's call me a couple times when I worked at a call center doing tech support. The particular guys doing it screwed up though because their spoof accounts were pop culture references, so I yessed them along and escalated the calls so my leads were the ones on the hook. Not sure what came of those. God I hated that job.

There was also someone internally at another job of mine who SE'd password changes on work emails regularly. The security protocols were so lax that you just had to have minimal relevant information and be the same sex as the person whose account you were hacking. I figured this out because my email password kept not working repeatedly and I realized when I called to have it reset how easy it would be to just pretend to be me and do the same. I notified network security but they didn't take heed. They were super worried about someone stealing trade secrets with USB dongles though lol. They probably saw that in a movie or something. Funny part is that I don't really have much technical knowledge but I figured out their security holes before they did. For all I know you can still call and reset email passwords without any challenge at that company.