Pretexting

As you can see, pretexting is basically lying to the target in order to obtain privileged information. The pretext is the hacker’s motive. In the first video, the target clearly gives the other person too much information, enough that they are able to use different methods to gain further access to the target's information. In a later video on impersonation, you will see how the information the "bad guy" got from this call can be used to obtain access to the target's network.


Why it Works


Pretexting, like most social engineering techniques, works because humans tend to trust others and want to be helpful. The person who answered the phone also believed that the information he gave was harmless. In fact, the IT consultant likely even asked for the referrals. In his ignorance, he believed he was helping two people.


What Should He Have Done


We aren't claiming you shouldn't give referrals, but let's look at how he could still have been helpful if the caller was legitimate, while refraining from giving out any information.











If Dave was a legitimate caller, giving out his own contact information would not be a problem, and A+ Consulting still gets the referral. Since he is a social engineer, he won't do that, and will instead try a different, easier target.
