My task was: “Get someone to let you take a picture of them with their own cellphone”
Did I accomplish it? Yes
I did not include the evidence because I'm featured in the picture and it was hard to cover my identity.
I did not include the evidence because I'm featured in the picture and it was hard to cover my identity.
How did I do it?
My roommate had asked me if I would let her take a picture of me for her photography picture and I agreed but told her I had to take a picture of her with her own cellphone for a social experiment and since I was going to help her with her homework she let me take the picture.
Application: This could be useful for someone to need to know how an specific person looks like to be able to impersonate them and show up to their job pretending to be her, given the fact that not everyone knows her there. Or simple to be able to get a person that shows you guys "know each other" and then use that picture to cover their identity or get introduced to a particular person/group of people to then get information from them during "casual conversation", or even post it in social media and make a comment that would get that person in trouble.
Ethical reflection: By doing this assignment O realized how unsafe this can be and how people have the power to get others to do want they want as easy as saying 123. This type of social engineering attack can cost someone their job and open a window foe the attacker to carry on with a much larger plan. Good implementation of this, in a positive way would be to identify someone that is a suspect related to a social engineering attack to a particular company. A negative application of this could be as I previously said, in example; someone trying to pretend to know you and use this picture taken to get introduced to someone else, possibly the actual target to get the information the attacker is looking for.
No comments:
Post a Comment