Security Testing Tips: How to practice social engineering attacks?

Security Testing Tips

Exercise #1: Try getting access to your friend's e-mail account by using his / her mobile phone to receive the AUTH code. How to?
1. Start to build trust
2. Make him / her your close friend
3. Find a way to get hold of his / her mobile handset
4. Divert his / her mind to something else
5. Play some game on his / her phone & initiate a forgot-password AUTH code request (You can ask some other friend to do this from a different location)
6. Once you receive AUTH code via SMS on your target’s phone, memorize it and make sure you delete that SMS before you return the phone.
7. Do not change the password right away; wait for some time and then use the AUTH code to set a new password

Exercise #2: Try getting personal details of someone
1. The first task is to get the phone number of the target
2. Make a call when that person is in an important meeting or with some person
3. Pose as “Manager at so and so bank”, “Manager at Telephone company” or anything where the target has subscribed to those services
4. Say something like, “As per new regulations we need to keep the records updated and we do frequent checks with the owner if all the details furnished are up-to-date”.
5. Ask for Date of Birth, Residential Address and everything that matters to you for hacking an account or stealing something from the residence.

Disclaimer: I am not responsible if you try bypassing some security in physical infrastructure to practice social engineering attacks. Example: Do not carry weapons or harmful items which may get you behind bars. Carrying food items in a movie theatre might be a good example, as security checks will just ask you to leave it out if they find it. Be sensible and careful with your exercises. Do it for educational purposes only.

Santhosh Tuppad is the Cofounder & Software Tester of Moolya Software Testing Private Limited (www.moolya.com). He also won the uTest Top Tester of the Year 2010 apart from winning several testing competitions from uTest and Zappers. Santhosh specializes in exploratory testing approach and his core interests are security, usability and accessibility amidst other quality criteria. Santhosh loves writing and he has a blog http://tuppad.com/blog. He has also authored several articles and crash courses in the past. He attends conferences and confers with testers he meets. Santhosh is known for his skills in testing and you should get in touch with him if you are passionate about testing.