Social Engineer.org sent out a plea to help us analyze and decipher this large report. What we came up with was a two part blog post that will analyze this story from some unique perspectives.
The Social-Engineer Blog
The Social-Engineer Blog is an informational post designed to keep our readers up-to-date with current SE news involving science, research, and studies. It also reports on SE attacks with tips on staying safe, as well as funny stories that are related to SE.
Even armed with this knowledge there are some things we must be aware of to avoid falling prey to a scam that can lead to identity theft. It is not private knowledge that 100 million surveys are being sent this week. You know it, I know it and all malicious scammers and social engineers know it too. Be aware of these attacks
Yet we get a lot of requests for tutorials and/or training on how to effectively use the tool.
The Social-Engineer Toolkit (SET) has progressed over the months thanks to the suggestions and collaboration with the security community. With this version, I am proud to announce the immediate release of the Social-Engineer Toolkit v0.5
The main objective was to compromise someone’s existing password which would provide ongoing opportunities to access all sorts of company systems in a stealth mode.
This exercise demonstrates what can be accomplished by an attacker, potentially an insider threat, in a very short period of time through non-technical means, mainly a telephone.
While searching for the new Apple “magical” device don’t get caught falling for the magic tricks of malicious social engineers.
Tested : successfully tested on Adobe Reader 9.1/9.2/9.3 OS Windows XP(SP2,SP3 any languages), also works with Adobe browser plugin
Heck, most intelligent IT Admins won’t click on the link to “See Britney Naked” or “Adjust your Bank of America Account” because they know it is phishing.
But comes in the “new and improved shiny phishing”. These social engineers have done their homework.