To begin social engineering you must know how to cross-analyze someone. Cross Analyzation is basically determining someone's personality by looking at them. This can be farely easy because people make the way they live so obvious to others. For example, how would you determine someone as being a homeless drunk? Well by their clothes, hygeine, smell, a bottle of alcohol in their hand, etc. Another way cross analyzation can be used is over the phone but this method is not reliable in some cases. But it is a very useful tool when social engineering. Look for things such as their tone of voice, the way they answer the phone, mumbling, stuttering, etc. You can also see how dumb someone is if you tell them that they won a sweepstakes and you want to collect some information about them and they dont hang up on you.
Information Gathering these days is very easy for example if you wanted to find out the phone # your next door neighbor simply log onto the internet and goto portal.cyberarmy.com and you just type in what you know whether it be the phone number, address, or full name. Another method would be by snooping through their mail and trash. The best method (in my opinion) is to run a tap on their line. This way you can use what you heard to make a better cross-analyzation and you might gain some valuable information such as usernames and passwords, (which could doubtfully be obtained by social engineering or you wouldnt be reading this)and maybe you'll even be able to get some dirt on them. Another method would be to get the old binoculars and watch as they enter passwords for e-mail on their computer or as they chat with people. Another method I have used in the passed is hacking their voice mail box or answering machine. Now if you do all of this you will have a shit load of information on them. Now to get to the engineering.
Before calling your victim you might want to get a caller id spoofer or go box someone else's line. Another useful tool is a voice changer. Now if you do use a voice changer make it sound like you are a woman because most men will listen and believe what women tell them more then men. You might also want to see what kind of counter measures they have by snooping around the building or office that is your target. If its just someone's house then you can assume that they have caller id and some have anonymous call rejection. You might also want to route your call through a pbx if you have access to one. That way if you call out of area its billed on them. Another tip would be to call your target up to see what you have to say or do to get the information you want from a person. for example, if you were trying to get an operator to tell you the number you are dialing from you might want to immatate a telco guy and say you are calling from a trunk (which might work). You might also wanna find out about that person's boss so that you could immatate him/her. This is a very good idea if you can immatate their of voice and their slang. And if they give you some shit just give them shit back and say you're gonna fire them!!!
Now its time to put all that effort to work. This should actually be the easiest part if you successfully completed the other stuff. But if not you are gonna have to do some serious bullshitting. You might wanna reherse what you are gonna say as best as you can but you must expect the unexpected. If the target is on a PBX then hack into an account (such as the bosses) and call them from that. Or you could box the bosses house if you know where he/she lives.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.