Successful Ways of Social Engineering?

[trickytap]

I have long ago accepted the fact that I will never be so computer literate as to hack in any smart, mechanical way and find social engineering a much more viable road to take, but as usual there is little to no information that helps very much. Do you guys have any experiences, thoughts, warnings, that would help point me in the right direction?

[Ezekiel]

Quote:

Originally Posted by trickytap

I have long ago accepted the fact that I will never be so computer literate as to hack in any smart, mechanical way

Why is that? You seem more intelligent than many people I've seen learning about hacking, security and programming. Nobody becomes a security expert in days, weeks or even months.

Quote:

and find social engineering a much more viable road to take, but as usual there is little to no information that helps very much. Do you guys have any experiences, thoughts, warnings, that would help point me in the right direction?

It's mostly down to creativity, but a bit of technical know-how is never a bad thing either.

For example, if a malicious person wanted to steal Yahoo accounts via phishing, he would write a convincing email as one of the Yahoo staff, asking the user to login to a fake page or send their details to him, etc. However, this scam would only be complete if he could successfully send an email from the Yahoo staff -- this would involve email spoofing (which requires technical knowledge of SMTP). Both creativity and technical skills.

Saying that, most of the scams in circulation today are copied from somewhere, and technical tricks are documented everywhere in step-by-step instructions. This leaves social engineering to two paths -- follow a script and use somebody else's methods, or invent your own and be original.

Just try to think as the person you are targeting -- who do they trust? It's through impersonation of trusted people that social engineering works. Either that or the promise of great things, in which case people's greed takes over and they forget their usual skepticism.

Following on from that, social engineering works best when the user is offered something desirable (most often for free), or when the user is told of a deadline and consequences that they will face if they do not perform a certain action by the deadline (e.g., their e-mail account will be shut down if they don't re-activate within two days).

[__Dave__]

totally agree with mike it takes along time to learn the things you want to learn tricky my friend of mine is pretty good and he's still young, started taking classes in school about keyloggers he knows what they do and how they work so ya i totally agree with mike

[trickytap]

What specific areas of programming do I need to look into in order to phish, apart from SMTP, in order to make fake log in pages? I can't find any of those technical tricks with step by step instructions, but maybe I don't know which key words to search under.

[__Dave__]

Quote:

Originally Posted by trickytap

What specific areas of programming do I need to look into in order to phish, apart from SMTP, in order to make fake log in pages? I can't find any of those technical tricks with step by step instructions, but maybe I don't know which key words to search under.

you can find these on antiyahoo sites they always got shit on them matter of fact i know where you can get php script's to try it for yourself and what you need is already in the file once you download it. you can find these at www.yah-stalkaz.com hope this helps

[trickytap]

alright, i seem to have found everything i would need to make a fake log in, complete with files and instructions, so i will try it over the weekend (hi, bye, social life) and see what happens.

[Ezekiel]

Quote:

Originally Posted by trickytap

What specific areas of programming do I need to look into in order to phish, apart from SMTP, in order to make fake log in pages? I can't find any of those technical tricks with step by step instructions, but maybe I don't know which key words to search under.

• Browser scripting such as (X)HTML, Javascript and CSS, and server scripting such as PHP or Perl.
  
• Website administration and management.
  
• The DNS.
  
• Use of FTP clients.

Learn about websites from those that set the standards:

www.w3schools.com

[sweet-virus]

Quote:

Originally Posted by __Dave__

you can find these on antiyahoo sites they always got shit on them matter of fact i know where you can get php script's to try it for yourself and what you need is already in the file once you download it. you can find these at www.yah-stalkaz.com hope this helps

as u mentioned the site above i visited..... but unfortunately its no longer ther
the site owner dont have money to keep the site up an running ..do u know ne otha ? plz

[trickytap]

damn that sucks, thats where i got my fake log in from and it works great... if you want i can help, send me an aim message, i posted the handle in the other post about fake logins... i wish now i could do a fake login for facebook!

[Troll]

From the previous post it seems you want to phishing email passwords? (not bank account details, etc..)

There are lots of other ways to social engineer than using fake login pages.. I personally wouldn't use them as more and more people are aware of clicking on links in emails (whether spoofed or not)..

It's far more (technically) easier just to find out enough amount of information to answer thier secret question/zip code etc when you click the forgotten password link..

Create a fake myspace profile which includes a picture of an attractive female.. getting chatting to people and phish all the information you need from them..

Good luck

[trickytap]

Oh no I'm just nosy, not a criminal lol. It's people I know, so I'm doing a combination of tricking them into trusting me and asking seemingly random questions that would answer their forgotten password security, or just telling them it's my new pictures and they have to log in to see them. I'm not looking to just get a bunch of random information from random people (i.e. links sent in emails).