It was about time for a less technical, and more fun post, so I decided to do a brief write-up on a humorous social engineering attempt/con job gone wrong.
Dave Holmes, a writer for Esquire recently trolled/socially engineered/performed counterintel against a group of the worst scammers that I have seen.
The full article can be found here now. That said, I will post the actual tweets from his timeline as well as a bit more about how it fits into security.
So, other than getting to read a hilarious story, we also get to look at it through some social engineering goggles (albeit briefly)
3 Basic Rules of Social Engineering
- Don't get caught
- Stick to the con
- K.I.S.S. (keep it simple, stupid)
The part where they lost the mark (other than the beginning) was their elaborate, and unnecessary, plan to get the money.
Other than that, Dave did a great job of gathering information, distracting the target, and obtaining some counter intelligence himself.
While a funny story in its own regard, still a fun lesson in social engineering too!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.
As an Amazon Associate I earn from qualifying purchases.
Common passed on this blog, I made it to a jam.