Execution: My
task that I chose for the last social engineering task was to make a phone call
to someone not from Boston, tell them a fake story, and tell them to give me an
email address.
Yes, I accomplished it.
Method: First, I
went online and searched for the Area Code Map, I chose some targets from New
York, Texas, and Washington state. I made several calls to few numbers, and
tell them the same story. Someone just picked up the phone for few seconds, and
then they hanged up. I know that my English is not very good to convince them
to believe what I was saying, then I tried to write a short story down, and
practiced it many times. The fake story was about I was working for an agency,
where you could get the discount for the travel trip to some places such as New
York, or Washington DC in this season, and the time is limited; and I asked
them to give me and email address so that I could send them more information
about it. Finally, I succeed convince a lady in Washington state to give me her
email address after 4 minutes on the phone.
Application:
Someone could use the same method that I did to convince their victims to give
them some information, even more than just an email address. They could apply
this method to many people, and gain much more information about their victims.
Ethical reflection: I
think using this method to gain someone information is wrong. In the real-world
situation, this is called phishing. People believe to what the attacker says,
and they would give some important information for the attacker.
No comments:
Post a Comment