Scripts

From SERepository


Social Engineering Scripts

This page is designed to maintain scripts that can be used in Social Engineering assessments as well as provide information on attacks seen in the wild. Submit a script!


This scam purports to be from webmail administrators and attempts to convince users to reply to the message, providing usernames and passwords to their webmail accounts, as well as their birth year.

This attack notifies victims that they have a tax deficiency and must download relevant documents.

C-Suite executives are told that they have been sued in federal court and must click on a Web link to download court documents. Victims are taken to a phony Web site where they are told they need to install browser plug-in software to view the documents. That software gives the criminals access to the victim's computer.

Look for parking violations in a corporate parking lot, such as cars that do not have the proper company-specific registration sticker or hang tag. Place a ticket on violators warning that they must register their car or they will be fined.

Spoof an email coming from the CIO which says the organization is being evaluated for inclusion in some magazine's 100 best places to work, and asks recipients to fill out an online survey.

Scam artists use this technique to pressure employees into giving out information about office supplies. The scammers then use the stolen information to create an oversized invoice for unwanted goods.

Inform executives there has been a complaint against their company with the Better Business Bureau and they must visit a website for details.

Due to increasing compliance concerns, everyone feels the need to help with an audit when asked. By pretending to be the audit department of the target organization, you may be surprised at how helpful people will be.

Social engineering can always be easier and more successful when the victim is calling you. One good way of doing this is to exploit the Windows Messenger service to pop up a message such as "Virus Detected please call the Security Help Desk at 555-1234."

As with the Windows Messenger script, this is another way to persuade victims to call you. If the printers are not properly secured, change the display to read something such as "Security Error, call help desk at 555-1234."
