Social engineering in action

Tomcat

In this article I will tell you how social engineering is used in action, as well as other subtleties.

This is an illustrative look at methods that are used by some sellers. The information provided in this article is presented for educational purposes only.

It is very important to understand that one day you may find yourself on the other side. Therefore, think twice before sending anyone documents or other data that confirms your identity.

Market conditions

I want to start from this point. Today I will show how a set of documents that confirm a person's identity can be obtained, and how that person can be asked to perform whatever action is necessary. We will try to break down the whole process and show it in a way that is interesting and useful.

What are these documents used for? For identification in specific services, for taking out loans, etc. Depending on the focus, a specific set of documents is collected. For example, if a European poker room offers a no deposit bonus of $500 to new customers, then it makes sense to become a “newbie” several times.

Why “market conditions”? Only because some sellers use such methods to obtain a complete set of documents and sell them on boards. A regular set of documents from CIS countries costs 10–20 dollars, depending on the number of pages and photographs. The price for a set from foreign countries can reach 50–80 dollars if there is an additional photo with a selfie.

How is identity-confirming information obtained?

Most people look for work from time to time. To do this, they sometimes use popular job search sites. There are quite a few services that have different features and functions. But the main goal is to connect the company with the employee. Thus, companies publish vacancies, and potential employees publish resumes. This scheme has everything needed for a social engineering attack.

In his books, Kevin Mitnick talked about how new employees in a company are a very dangerous link. They want to gain a foothold and very readily agree to offers of help. In our case, people are highly motivated to get a job, so in some cases they may be subject to an attack, which we will consider using a specific example.

A brief algorithm of possible actions of a social engineer

  1. Finds several potential targets.
  2. Introduces himself as the HR person of a large company that matches the person's specialization.
  3. Convinces potential employees.
  4. Asks them to take one or two small tests on IQ or the ability to work in a team.
  5. Evaluates the results positively and suggests doing several tasks in the form of a test.
  6. Requests a package of documents to prepare a contract. In case of refusal or additional questions, insists on the need to check the criminal database, the taxpayer database, etc.
  7. Reports inconsistencies in the resume and rejects the candidate.

Implementation

Let's use one of the popular resume search sites, for example hh.ru or any other site. First, we need to register as a user. After this, most sites will have visible contacts. This is a phone number, email or instant messengers. We will use what is easiest - messengers. We are looking for a suitable person and write him something like this (the content can be adapted to suit your needs and desires):

Hello, Ivan! My name is Vasily Ivanov, I represent the interests of the large company “Horns and Hooves” as a head of recruitment. We currently have a current vacancy for a manager that suits your specialization. Tell me, would you like to work in our company?

After the conversation has begun and the person has answered, you need to start the test task. Why not include in this task an action that will be paid to us by the CPA network? For example, registration in a directory or on another website. If you quickly look through popular offers, you can find from 20 to 200 rubles for registration or installation on a phone.

We definitely emphasize in the conversation that you will need to register in catalogs and look at information in applications, so you need to download the application and place an application there as a test task. Be sure to add a professional signature to your email.

After everything is done, you need to congratulate the person on the successful completion of the test task and ask for a package of documents for verification and preparation of a further contract. We get the result. It is very important that all the details are as similar as possible to a real offer. It is also very important to prepare a vacancy and requirements that will fit the position. This information can be found in requests from other companies on these sites.

Conclusion

I showed how this could look in one of its variants. One day, this can happen to anyone. Therefore, communicate with people very carefully, weigh the risks, and do not fall for such tricks, because one day your data may be sold or used to obtain a loan. There are now a lot of stories about systems that do not use video identification of their clients. With a well-formed application to such a system, someone else can receive funds in your name without your knowledge.
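A defender-side check for the sequence listed under "A brief algorithm of possible actions of a social engineer", as an added example that is not part of the original post: it scans the other party's messages for the stages described above and rates the conversation. The stage names, keyword patterns, risk levels and the sample conversation are constructed assumptions for illustration, not a vetted ruleset.

```python
import re

# Stages of the scheme described in the article, with illustrative
# (assumed) keyword patterns. Tune these for real message data.
STAGES = [
    ("unsolicited_offer", r"\b(vacancy|recruit\w*|hr)\b.*\b(company|work)\b"),
    ("test_task", r"\btest (task|assignment)\b|\biq test\b"),
    ("paid_action", r"\b(register|sign up|install|download)\b.*"
                    r"\b(app\w*|catalog\w*|directory|site|website)\b"),
    ("document_request", r"\b(passport|id card|selfie|documents?|scan)\b.*"
                         r"\b(contract|verif\w*|check)\b"),
    ("pressure", r"\b(criminal|tax\s?payers?)\b.*\b(base|database|check)\b"),
]
LURES = {"unsolicited_offer", "test_task", "paid_action"}


def assess(messages, counterparty="them"):
    """Return (stages seen in order of first appearance, risk level)."""
    seen = []
    for sender, text in messages:
        if sender != counterparty:
            continue  # only the other party's messages are scored
        for name, pattern in STAGES:
            if name not in seen and re.search(pattern, text, re.I | re.S):
                seen.append(name)
    if "document_request" in seen:
        before = seen[:seen.index("document_request")]
        # Identity documents requested after a lure step and before any
        # contract exists is the core pattern of the scheme.
        risk = "high" if LURES & set(before) else "medium"
    elif "paid_action" in seen:
        risk = "medium"
    else:
        risk = "low"
    return seen, risk


# Constructed sample conversation following the article's sequence.
SAMPLE = [
    ("them", "Hello! I am head of recruitment at a large company. "
             "We have a vacancy that suits your specialization."),
    ("me", "Sounds interesting, tell me more."),
    ("them", "First a short test task: register in this directory "
             "and install the app on your phone."),
    ("them", "Congratulations! Please send your passport scan and a "
             "selfie so we can prepare the contract."),
    ("me", "Why do you need it before an interview?"),
    ("them", "We must check the criminal database and the taxpayer database."),
]

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A "high" result means a document request arrived after a lure step; verifying the recruiter through the company's official contact channels before sending anything is the corresponding control.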