Bernz's Social Engineering Exploits


I'd say that if if you really want to get him, get his number and address through four11.com or something like that. If four11 doesn't have it, your local library will have national phone books. Write a professional letter. Use a water mark. Make the letter look really nice and trustworthy. Do you have some kind of mailbox besides your own residence to send it to? If so, use that as your return address. If you're a phreak, so use an alternate phone number. Write to him as something scary like as a bank or credit card company and tell him he's $5000 or something overdrawn. At that point he should go apeshit and call that number to straighten things out. If he doesn't respond, send another and label it "urgent, final notice" or some shit. He should call and ask about it. Tell him according to your computers he's too overdrawn and you have to confiscate his credit card/or freeze his bank account. He'll read his account number off to you at one point to which you will (a) have his credit card/bank number and (b) tell him its not the number you have. Tell him to go to his bank to straighten it all out. He'll go and find nothing wrong. Send him another letter and start the cycle all over. You'll be a pain in the ass. It doesn't really do much as far as computers are concerned. It's just a scam that's annoying.

Corporate Stuff

> I read your tutorial/essay on Social Engineering, thought it was pretty
> accurate and damn funny. I was curious - got any special advice on good
> approaches to engineering law firms, and/or other private companies
> that handle legal matters and information as opposed to a generic
> business or computer centre? I haven't got anything specific in mind,
> just curious what your thoughts might be on approaching that area of
> commerce.
> -j. [email protected]

i'd recommend the getting in by means of disguise (suit). Then ask the secretary something and take a peek at her computer. Look for what she types, look for post it notes. Try to get her to leave for a second so you can rifle through her stuff.

it depends what kind of building for a law firm. A garage entrance is good for letting you in. Just walk in and go up the garage elevator, bypassing security. Secretaries are not smart. That's why they are secretaries and not lawyers. Take advantage of that. Look clean shaven and respectable. It's an influence con game. Make them believe you are there for a reason and you're scott free. You can also tell them you're from some computer company so they give you run of the computer.

Another good thing is a very long term plan, but it works. If you know a bit of programming, alter your favorite office or internet program with vis C++. Put a bit of messed up code in it so it crashes. Go to kinkos or staples and make a nice little package for it for $5. It looks pro. Take it to the victim office and present it as a demo package. Make sure you put your phone # in there. Tell them to call in case anything goes wrong. Also tell them they get a full version for being beta testers. Make sure they take it and try it. they'll call you. go back in and fix the problem. this gives you full run of the computers. I know that this one is a longshot, but I've used it and to much success.

Payroll Scam

Security guards make only slightly more than McDonald's employees. At $6.50 they are not really willing to stop a bullet. They are hardly willing to stand. They are not smart, otherwise they'd be cops (which aren't too bright either). In other words, they are a push over.

You have the knowledge that you can manipulate security guards. That $6.50 matters to them more than anything and you know it. Let's say you need some access to their place. Call relatively late at night where there is the late shift guard. IT MUST BE A THURSDAY NIGHT. He should be the dumbest and the last thing he wants at four in the morning is to be bothered and deal with people. Give yourself a professional sounding name and speak gruffly and demandingly. This is part of the illusion. Tell him you're from accounting and you're working on tomorrow's payroll. You're computer went down and you need some access or else "There will be no paychecks tomorrow" or something like that. That's a nightmare to this guy. He will do anything he can to get his $200 bucks for his hard work. He will help you in any way possible. Walk him through his system and things like that. Ask him to tell you what's around. You control him. Be creative.

Garage Break-In

Getting into a computer is hard. So is getting into a corporate or large building. Walking past a security guard isn't great for keeping a low profile. Underground garages stay open almost all the time. This is a good thing for you. No one pays attention to someone walking into a garage beacuse they could hypothetically be getting their car. Makes sense. Garages also have elevators that go into buildings. Some have keys to prevent awful people from getting in. Be patient, someone will come down and just hop in. You can bypass the lobby through the elevator and go right to the place you want. If you're wearing a suit (which you should be), scam the janitor into letting you into a place. Look hurried and pat yourself for keys. Tell him you left them in your car and you just have to grab something really quickly. He's not smart. He's a janitor. If he was smart, he'd be in your place. Think on your feet if anything comes up.

More to come!
Send me more