- 7 Tem 2013
- 8,197
- 667
A Way To Create A Fake Scenario
yeah, when we talk about creating a script, we immediately think about series or movies. But in general, creating a scenario isn't just about them. We make plans when we go to a job interview or meet someone new, we create a kind of scenario. We'll have the questions ready in our heads. There are many ways to create scenarios in social engineering and one of them is pretexting. So what is pretexting?
What Is Pretexting ?
Pretexting is a scenario method that an attacker uses to collect sensitive information about the target person. This scenario is a social engineering method. This method is done after contacting the target person. First, a scenario is created to contact the person. Once we start communicating with the target person, we need to approach it calmly and comfortably. In a situation of excitement, the target person suspects your situation. So, we must take our steps slowly by thinking. If we want to get efficiency in these cases, a little research is done about it before contacting the person.
With the results of our research, we collected the victim's weaknesses, social media accounts, information about his family. This information is used to confirm when communicating. And in this way, the victim will have a sense of trust with us.
Let's give an example of this situation: authorized employees of a cybersecurity firm go to visit the IT manager of a firm that sells bus tickets. Their goal is to scan for vulnerabilities on websites. The IT manager tells staff "there is full protection on our website that you will not find any vulnerabilities" and they don't want staff to scan the system. The security firm is going to examine the staff of the firm that sells those tickets. They take advantage of the weaknesses of staff with the information they find, making them a website about what they like, and texting them with a fake mail address.
If one person clicks on the website address that comes to the employee's email address, the software in the background gradually starts infecting other computers using the company network. By entering his/her personal information on the page...that's it..end of the story.
So how can we protect ourselves?
I know this is classic, but we have to check our e-mails. Fraudsters identify themselves on the phone as police, prosecutor, bank officer and ask for personal information. Let's not forget, the police don't want money from you. Don't be a victim of fraud.
Source:https://www.turkhackteam.org/sosyal...dislikte-sahte-senaryo-olusturmanin-yolu.html
Translator Gauloran
yeah, when we talk about creating a script, we immediately think about series or movies. But in general, creating a scenario isn't just about them. We make plans when we go to a job interview or meet someone new, we create a kind of scenario. We'll have the questions ready in our heads. There are many ways to create scenarios in social engineering and one of them is pretexting. So what is pretexting?
What Is Pretexting ?
Pretexting is a scenario method that an attacker uses to collect sensitive information about the target person. This scenario is a social engineering method. This method is done after contacting the target person. First, a scenario is created to contact the person. Once we start communicating with the target person, we need to approach it calmly and comfortably. In a situation of excitement, the target person suspects your situation. So, we must take our steps slowly by thinking. If we want to get efficiency in these cases, a little research is done about it before contacting the person.
With the results of our research, we collected the victim's weaknesses, social media accounts, information about his family. This information is used to confirm when communicating. And in this way, the victim will have a sense of trust with us.
Let's give an example of this situation: authorized employees of a cybersecurity firm go to visit the IT manager of a firm that sells bus tickets. Their goal is to scan for vulnerabilities on websites. The IT manager tells staff "there is full protection on our website that you will not find any vulnerabilities" and they don't want staff to scan the system. The security firm is going to examine the staff of the firm that sells those tickets. They take advantage of the weaknesses of staff with the information they find, making them a website about what they like, and texting them with a fake mail address.
If one person clicks on the website address that comes to the employee's email address, the software in the background gradually starts infecting other computers using the company network. By entering his/her personal information on the page...that's it..end of the story.
So how can we protect ourselves?
I know this is classic, but we have to check our e-mails. Fraudsters identify themselves on the phone as police, prosecutor, bank officer and ask for personal information. Let's not forget, the police don't want money from you. Don't be a victim of fraud.
Source:https://www.turkhackteam.org/sosyal...dislikte-sahte-senaryo-olusturmanin-yolu.html
Translator Gauloran
Son düzenleme:
