Re: Reverse Social Engineering

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


[MODERATOR COMMENT: Below is a message originally posted by
Christopher Meyer. I 'accept'ed it a while back but
apparently
something went wrong and it never appeared on the list. So
I'm
reposting it on his behalf, hopefully it works this time.]

==============[BEGIN ORIGINAL MESSAGE]=============

On 3/9/07, Snoopy Brown <freefalledgmail.com> wrote:
>  I might be very wrong, but wasn't hp's recent fiasco
prime
> for your paper?
>
> As I understand it, they did all sorts of illegal
stuff.
> Amongst them (useful to you), they portrayed themselves
(the
> "investigators") as other people to get
information from the
> company employees/executives.

That's normal social engineering, not reverse.  Reverse is
pretending to be the authority and getting someone to
contact
you for help.
For example, you trick people into calling your number for
Help Desk password resets instead of calling the actual
number.

To answer the original poster... I don't know if this one
technically fits the definition but maybe if you stretch it
a bit- Kevin Poulsen's redirecting old or shut down escort
service phone numbers (google it if you aren't familiar).
I'm not sure if that is more of a hack than reverse social
engineering, it has elements of both.  It does have
sabotage, advertising, and assisting - all considered
elements of reverse social engineering.

I think you could also include some phishing scams in
reverse social engineering.

I'm trying to rack my brain for better examples, because
I could swear I've heard of some, but none are popping to
mind at the moment.

Christopher Meyer - CISSP, GCIH


==============[END OF ORIGINAL MESSAGE]============

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtool
s.com/verify
Version: Hush 2.5

wkYEARECAAYFAkZSd9QACgkQiokir2ZPLvWKbQCgpnFlorixkv2QsHHSru93
QF6+JosA
n1CpR7yML5WgCmojhzv4kR4FCuPg
=NlYr
-----END PGP SIGNATURE-----