Worst Scammers Ever (Social Engineering)

It was about time for a less technical, and more fun post, so I decided to do a brief write-up on a humorous social engineering attempt/con job gone wrong.

Dave Holmes, a writer for Esquire, recently trolled/socially engineered/performed counterintel against a group of the worst scammers that I have seen.

The full article can be found here now. That said, I will post the actual tweets from his timeline as well as a bit more about how it fits into security.

So, other than getting to read a hilarious story, we also get to look at it through some social engineering goggles (albeit briefly).

3 Basic Rules of Social Engineering

  1. Don't get caught
  2. Stick to the con
  3. K.I.S.S. (keep it simple, stupid)

The part where they lost the mark (other than the beginning) was their elaborate, and unnecessary, plan to get the money.

Other than that, Dave did a great job of gathering information, distracting the target, and obtaining some counterintelligence himself.

While it is a funny story in its own right, it is still a fun lesson in social engineering too!

doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Principal Penetration Testing Consultant for Secureworks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.
