Real Cases
Re: Reverse Social Engineering May 22 2007 04:55AM
Topi Ylinen (topi ylinen hushmail com)

[MODERATOR COMMENT: Below is a message originally posted by
Christopher Meyer. I 'accept'ed it a while back but apparently
something went wrong and it never appeared on the list. So I'm
reposting it on his behalf, hopefully it works this time.]

==============[BEGIN ORIGINAL MESSAGE]=============

On 3/9/07, Snoopy Brown <freefalled (at) gmail (dot) com> wrote:
> I might be very wrong, but wasn't HP's recent fiasco prime
> for your paper?
> As I understand it, they did all sorts of illegal stuff.
> Amongst them (useful to you), they portrayed themselves (the
> "investigators") as other people to get information from the
> company employees/executives.

That's normal social engineering, not reverse. Reverse is
pretending to be the authority and getting someone to contact
you for help.
For example, you trick people into calling your number for
Help Desk password resets instead of calling the actual number.

To answer the original poster... I don't know if this one
technically fits the definition but maybe if you stretch it
a bit- Kevin Poulsen's redirecting old or shut down escort
service phone numbers (google it if you aren't familiar).
I'm not sure if that is more of a hack than reverse social
engineering, it has elements of both. It does have
sabotage, advertising, and assisting - all considered
elements of reverse social engineering.

I think you could also include some phishing scams in
reverse social engineering.

I'm trying to rack my brain for better examples, because
I could swear I've heard of some, but none are popping to
mind at the moment.

Christopher Meyer - CISSP, GCIH

==============[END OF ORIGINAL MESSAGE]============



Copyright 2010, SecurityFocus