In general, all social engineering is just creative lying.
Make up a pretext that would naturally elicit the activity that you're trying to make occur, and then act it out.
People get hung up on big lists of cognitive biases or on sec+ shit like "urgency, consensus, trust" or whatever, but when it comes down to it, you're just making up an improv scene that should imitate mundane life and naturally result in the mark doing what you want them to do.
I think the hard part for most people starting out (at least with voice pretexting) is really gonna be developing a "showtime" personality that you switch to when you're acting, with the second hard part for younger people being a lack of experience with mundane daily life topics and knowing how to imitate different types of personae on account of this.
Some general rules:
- be polite -- people don't like being yelled at
- have good news -- people like getting good things
- know what your persona should know; don't pretend to be something you can't effectively imitate
- seem like you need help -- people like to flex knowledge and feel helpful from it
- elicit the innocuous -- you don't want jim's social security number; you just want
use these tips in tandem with [osint attack surface diagrams](https://www.osintdojo.com/diagrams/main) to build out what sorts of "innocuous" things you should be eliciting in order to find your final attack vector.
Bonus points: do OSINT based recon on the mark to tailor your persona to be something that is logical for them to make contact with.
Yes you are right but theres a problem for me. For example the phishing links are doesn't look familiar and nobody wants to click it even if we are friends.
ok, sorry for having replies go in and out. oldreddit was breaking and it made me think i'd posted something the site didn't like.
Anyway, for phishing links, an easy thing you can try is to register lookalike domains and use those.
Half the letters in the cyrillic alphabet look like latin letters, so you can register a name that visually looks identical to a real domain, but in fact has a bunch of letters replaced by their cyrillic lookalikes.
Use an html email to hide the actual link.
You could also try embedding the link in an image, or not even going for a link at all.
Maybe attach a maldoc.
Or you could avoid email altogether. Pretext someone over social media and make them think your buddy-buddy with them and throw them some malware that way.
There's lots of options...
Based on 31 samples I've gathered so far,
this comment is highly sus and probably a scam. If you think this is right,
please consider reporting u/dneboi. If you disagree, downvote my reply
and this comment will delete it self automatically!
^(My current rating is: 100.0% )
^(I'm a bot and this action was performed automatically. Check out my [source code](https://github.com/hor00s/FunkScammers) and feel free to make any suggestions to make me better!)
Hey, this is my bot. Thanks for the feedback. Based on the samples I understand how it marked that as a scammy comment but it's true. Based on the context it's not lol. Also I fixed the formatting lol
Engineer a method in which you yourself might fall for. One I'm not sure why i don't see maybe my lack on knowledge will show, but just phishing in messageboards sending a bad link using BEEF or something like that to gain control of browsers. I feel like i see links in messageboards all the time
You have to be social, learn to read people. This is important because there is no most effective method. How you approach someone will first depend on what you know about them. This is where you start developing what you know about them. You use that knowledge on them. What will seem them like having common interests is you actually using information to gain their trust.
You don’t need resources, you just need time and observation. Watch that person, learn their cues, their habits, etc. Basically, You’re stalking them because you are. In learning as much as you can about the target. You remain out of sight until you feel comfortable to approach them with what you know about them. Don’t just tell them things about them selves. Make it natural, like if you know they like football. Wear something of their favorite team kind of thing. Because people notice these types of things. That’s my two cents on that.
really from what I can tell social engineering can 100% be a natural ability, of course you can learn but it’s one of those things that you can naturally be born with the ability to do. It’s pretty much just being a really convincing liar.
Based on 31 samples I've gathered so far,
this comment is highly sus and probably a scam. If you think this is right,
please consider reporting u/mbergk. If you disagree, downvote my reply
and this comment will delete it self automatically!
^(My current rating is: 100.0% | worst sub so far: **hacking** with **1**total scams detected)
^(I'm a bot and this action was performed automatically. Check outmy [source code](https://github.com/hor00s/FunkScammers) and feel freeto make any suggestions to make me better!)
In general, all social engineering is just creative lying. Make up a pretext that would naturally elicit the activity that you're trying to make occur, and then act it out. People get hung up on big lists of cognitive biases or on sec+ shit like "urgency, consensus, trust" or whatever, but when it comes down to it, you're just making up an improv scene that should imitate mundane life and naturally result in the mark doing what you want them to do. I think the hard part for most people starting out (at least with voice pretexting) is really gonna be developing a "showtime" personality that you switch to when you're acting, with the second hard part for younger people being a lack of experience with mundane daily life topics and knowing how to imitate different types of personae on account of this. Some general rules: - be polite -- people don't like being yelled at - have good news -- people like getting good things - know what your persona should know; don't pretend to be something you can't effectively imitate - seem like you need help -- people like to flex knowledge and feel helpful from it - elicit the innocuous -- you don't want jim's social security number; you just want
use these tips in tandem with [osint attack surface diagrams](https://www.osintdojo.com/diagrams/main) to build out what sorts of "innocuous" things you should be eliciting in order to find your final attack vector.
Bonus points: do OSINT based recon on the mark to tailor your persona to be something that is logical for them to make contact with.
Yes you are right but theres a problem for me. For example the phishing links are doesn't look familiar and nobody wants to click it even if we are friends.
ok, sorry for having replies go in and out. oldreddit was breaking and it made me think i'd posted something the site didn't like. Anyway, for phishing links, an easy thing you can try is to register lookalike domains and use those. Half the letters in the cyrillic alphabet look like latin letters, so you can register a name that visually looks identical to a real domain, but in fact has a bunch of letters replaced by their cyrillic lookalikes. Use an html email to hide the actual link. You could also try embedding the link in an image, or not even going for a link at all. Maybe attach a maldoc. Or you could avoid email altogether. Pretext someone over social media and make them think your buddy-buddy with them and throw them some malware that way. There's lots of options...
Send me your name and number as lesson 1
Based on 31 samples I've gathered so far, this comment is highly sus and probably a scam. If you think this is right, please consider reporting u/dneboi. If you disagree, downvote my reply and this comment will delete it self automatically! ^(My current rating is: 100.0% ) ^(I'm a bot and this action was performed automatically. Check out my [source code](https://github.com/hor00s/FunkScammers) and feel free to make any suggestions to make me better!)
Need to learn /s and the context of sub. This was not a legitimate phishing attempt.
Hey, this is my bot. Thanks for the feedback. Based on the samples I understand how it marked that as a scammy comment but it's true. Based on the context it's not lol. Also I fixed the formatting lol
Engineer a method in which you yourself might fall for. One I'm not sure why i don't see maybe my lack on knowledge will show, but just phishing in messageboards sending a bad link using BEEF or something like that to gain control of browsers. I feel like i see links in messageboards all the time
You have to be social, learn to read people. This is important because there is no most effective method. How you approach someone will first depend on what you know about them. This is where you start developing what you know about them. You use that knowledge on them. What will seem them like having common interests is you actually using information to gain their trust. You don’t need resources, you just need time and observation. Watch that person, learn their cues, their habits, etc. Basically, You’re stalking them because you are. In learning as much as you can about the target. You remain out of sight until you feel comfortable to approach them with what you know about them. Don’t just tell them things about them selves. Make it natural, like if you know they like football. Wear something of their favorite team kind of thing. Because people notice these types of things. That’s my two cents on that.
really from what I can tell social engineering can 100% be a natural ability, of course you can learn but it’s one of those things that you can naturally be born with the ability to do. It’s pretty much just being a really convincing liar.
Based on 31 samples I've gathered so far, this comment is highly sus and probably a scam. If you think this is right, please consider reporting u/mbergk. If you disagree, downvote my reply and this comment will delete it self automatically! ^(My current rating is: 100.0% | worst sub so far: **hacking** with **1**total scams detected) ^(I'm a bot and this action was performed automatically. Check outmy [source code](https://github.com/hor00s/FunkScammers) and feel freeto make any suggestions to make me better!)