Volume 02 Issue 15
In this issue
A huge thank you to all of our supporters. Elwood tweeted about the upcoming book, Social Engineering: The Art of Human Hacking. It's not even released yet (Jan 2011) and it hit #10 on the Best Sellers list in the Hacking category. WOW. Thanks.
We have a few public speeches planned; NLH, Social Engineering or Information Gathering are the hot topics. One is coming up in Feb in NYC at SourceCon.
Thanks for the votes in last month's poll. We will be posting the results really soon. I think you will be surprised.
Finally, Spy Associates continues to send us cool devices to test. Please visit their page to check out some of the coolest devices around.
Check out the awesome music of Dual Core - IT geek, Rapper and all around awesome guy...
Want to say thank you to our sponsors this month
Spy Associates for continually giving us some awesome products to test out.
The EFF for supporting freedom of Speech
Continuum WorldWide for their support and sponsorship
Offensive Security for their continual support. Are you looking for world class security training? Offensive Security has live classes scheduled now. Sign up before they fill up!
Editor: John 'J' Trinckes, Jr
We just completed an amazing Offensive Security PWB Class in Columbia MD. Another one is already in the works. If you are interested in coming or getting more information contact me at:
10 Holiday Scams To Watch Out For
Cybercrime, scams and malicious social engineering are always a threat, but when a large company did a survey on how shoppers shop during the holidays, 70% stated they would spend considerable time on the Internet researching purchases before the holidays. With the increased time and purchases on the Internet, there will inherently be an increase in the scams and crimes committed online.
I thought it would be a good idea to talk about the ten holiday scams you will want to watch out for during this holiday season and how you can protect against them.
3. Recession Scams: With many people suffering from the poor economy and now being put under pressure to still buy gifts for the holidays, there are many scams that offer low interest or interest free loans. Others target people through email to offer prequalified credit cards or other methods of obtaining money to spend during the holidays. The problem is, there is no money; only loss. Many of these offers should be researched heavily to ensure that they are not scams, but real offers.
4. Too-Good-To-Be-True Scam: While many feel the pressure to provide good gifts, scammers will use auction sites as well as fake websites to make offers that are way too good to be true. The victims pay and receive nothing in return. Of course, a shopper should not fall for the "price is too good to be true" scams and only buy from reputable websites and auction houses as well as purchasing from high ranking sellers on those
5. A time for giving: Holidays are times when people are in a very giving spirit. From guys ringing the bells as you enter Walmart to phone calls, many people are interested in helping those in need. This is an avenue that many scammers will use. Fake websites, spam email and solicitation phone calls are all used to get information from victims that can be talked into giving out personal information and even worse, financial information. Be sure that the charity you are about to donate to is legitimate and the person you are speaking to is the real deal. For example, if you get a call from a local children's fund, you can tell them you are not able to talk right now. Then you can get the number to their local office, call them and make your donation that way. This will ensure you are donating to the right cause.
6. "I've been robbed" scams: This is a more malicious and evil scam that has been on the rise lately. Scammers do a little bit of research and find out the name of an elderly couple’s son or daughter, then grab an email with that name, e.g. ChrisHadnagy1234@yahoo.com. Then they send their "parents" an email stating they have been a victim of a robbery and need to be bailed out. The unsuspecting parents wire some money and are victims of this terrible scam. I know we are a very digital society, but I guess to me, it is amazing this one is on the rise. Pick up the phone!! Confirm your kid is in trouble before you go sending your
7. Dangerous Wifi Scams: Many people take time off of work and travel a lot for the holidays. While traveling, you may want to connect to the Internet to check email, send a message, etc. Many scammers will increase the proliferation of fake and malicious Wifi spots. Using free tools like Metasploit and Karma, attackers can give you a working Internet connection and, once you connect, harvest your information, credentials and maybe even your financial information.
8. Dangerous Downloads: Closely linked with many of the others is the increase in holiday screensavers or cute little animations that are anything but fun and cute. Instead, they are viruses, trojans or other malicious pieces of software. Of course, the protection for this one is easy... don't download and execute programs from any untrusted source.
10. The infamous free iPad: There is no doubt the iPad has taken the world by storm, and who wouldn't want a free iPad? Well, that is just what many banners and sites are offering. This particular scam became so prevalent that Facebook banned free iPad offers. There is no such thing as a "free iPad". Even legitimate offers require the person to complete some other offers to get their "gift".
Thieves and scammers want to go where there is a larger chance for success. The holidays afford them many opportunities to succeed. With a little bit of forethought and some planning, you can remain safe during this time of the year as well as all year long. As a side note, you can do a few other things to remain safe.
Written by Christopher Hadnagy
What is the role you play in your family?
What is the role you see yourself playing in your family? This is a question that is oftentimes asked by family counselors, and with good reason. The way people act and the way people respond to you is oftentimes based off of the perceived role you play.
This “role” we are talking about is defined by Wikipedia as “A set of connected behaviors, rights and obligations as conceptualized by actors in a social situation. It is an expected or free or continuously changing behavior and may have a given individual social status or social position. It is vital to both functionalist and interactions understandings of society.” I started thinking about this the other day when I heard a clip from an old interview with Marlon Brando.
If you go about six minutes into that clip, Brando says:
I thought that articulated, very succinctly, the situation that we deal with as social engineers constantly. Putting yourself into a new role, one that is unfamiliar to you, and wearing it as a second skin is an action that most people have never done. It becomes very uncomfortable for many people to do this, as we often don’t like to tell others what to think
You can see this with children many times, when adults, parents or teachers, primarily, place kids into “buckets”. The class clown, the troublemaker, the smart kid, the loser, the suck-up, and so on. Once the adult starts to look at the child in this manner, it affects the way they treat them. And in the end, affects the child’s behavior as they start to fill out the role that has been chosen for them.
Picking the right role in a social engineering engagement is typically straightforward. You examine the situation, find the right pretext, and identify the role that is going to best support that pretext. Wearing that role, however, is a different matter altogether. Convincingly placing yourself into that role and having others believe that it is authentic can feel overwhelming. You may be thinking, “This is not me, they are going to see right through me, there is no way this is going to work”.
How to change your roles
When you meet a stranger, you tell them who you are. They are waiting for it; they are asking for it; the only way they won’t believe it, is if you don’t sell it right.
When you are placing yourself into a role, consider the external items first, like:
Before anything else, work on this aspect of the role, as this will make everything else feel more natural to you.
From there, start working your way inward:
Get this figured out and in your head, and then start to wear it. Combine it with the external measures and see how well they merge.
Wearing Your New Role
Construct a role, consisting of both the external and internal aspects. One I suggest is a buyer for a large retail establishment. Then, try three different combinations.
First, take both the external and internal aspects of the role and go to the store. Start looking around and after a while, strike up a conversation with an employee. Explain to them that you are a buyer for whatever product you are looking for, but you are from out of town. You are looking to gain information about this product in this market, as you are not familiar with the region at all. Try to get information from them about items such as sell through, prices, return rates, and so on. Never claim to be an employee of the business you are in. See how the situation plays out.
Then after that, try it again at a different store except with only the internal aspects of the role. See how much of a change in the type of interaction there is when you are missing that aspect of it. Then try at yet another business with only the external aspects of the role and see how that plays out.
Finally, after that is over, one last time, put on the role with both the internal and external aspects active. This should reinforce to you the importance of having both the internal and external aspects of a role in sync with each other.
Try this sort of experiment as much as you like, as often as you need to gain comfort in operating in a role different from what you are used to.
Anytime you go to interact with someone that you have never had contact with before is an opportunity to try this out. But just remember, never put yourself in a situation where you could potentially get in trouble or cause other negative ramifications later on.
Take confidence in Brando’s words. This is something we all do every day anyway; all you have to do is put it to work for you. This is an important and often used skill for social engineers, and taking the time to get it right is time well spent. Just “knowing” what to do is not the same as experiencing success and failure in real world situations, so this sort of practical, in-the-field experience is important to go through.
Written by James O'Gorman