It was about time for a less technical, and more fun post, so I decided to do a brief write-up on a humorous social engineering attempt/con job gone wrong.
Dave Holmes, a writer for Esquire recently trolled/socially engineered/performed counterintel against a group of the worst scammers that I have seen.
The full article can be found here now. That said, I will post the actual tweets from his timeline as well as a bit more about how it fits into security.
So, other than getting to read a hilarious story, we also get to look at it through some social engineering goggles (albeit briefly)
3 Basic Rules of Social Engineering
- Don't get caught
- Stick to the con
- K.I.S.S. (keep it simple, stupid)
The part where they lost the mark (other than the beginning) was their elaborate, and unnecessary, plan to get the money.
Other than that, Dave did a great job of gathering information, distracting the target, and obtaining some counter intelligence himself.
While a funny story in its own regard, still a fun lesson in social engineering too!
He currently serves as a Principal Penetration Testing Consultant for Secureworks. His previous position was a Senior Penetration Tester for a major financial institution.
When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.