PLA Forums
Other Stuff That Has Little To Do With PLA => Techinical Shit => Phreaking, Hacking, Social Engineering, Lock Picking => Topic started by: Derek Xero on April 10, 2009, 07:30:54 PM
-
In my recent attempts to social engineer information from wireless companies, I've been asked to supply a 4 digit account password. According to a verizon/page plus customer service representative, the FCC is requiring this code to be supplied before any account information is given whatsoever. This doesn't make social engineering impossible, just harder and incredibly tedious for those like me who are relatively new to it. The passcode is even required for supposed employees from other departments. Can anyone offer insight into this?
-
It's harder now than it was just a couple years ago, but it's still relatively easy as long as you're pretending to be an employee. Just keep trying and you'll end up with one who doesn't ask for their password. Pretending to be the customer sucks, especially compared to 10 years ago. Customers are stupid, though, and will forget their passwords so they'll need another way to verify themselves. A lot of times it's a personal question, like "What was your favorite teacher." But what do they do if that's wrong too? Seems like they'd be forced to revert back to asking you for your SSN or DOB or other things.
Guess they could offer to send the secret code to their phone's handset, but you could counter that with something like, "I lost my phone's handset and that's the reason I'm calling in." You could even add to that, that that's where you store your secret codes and passwords on your phone. Why don't you know who your favorite teacher was? Because you're an avid blogger and all your readers know who your favorite teacher was.
Did you see how I used 3 that's in a row in that one sentence? Holy crap, I am awesome!
-
It's harder now than it was just a couple years ago, but it's still relatively easy as long as you're pretending to be an employee. Just keep trying and you'll end up with one who doesn't ask for their password. Pretending to be the customer sucks, especially compared to 10 years ago. Customers are stupid, though, and will forget their passwords so they'll need another way to verify themselves. A lot of times it's a personal question, like "What was your favorite teacher." But what do they do if that's wrong too? Seems like they'd be forced to revert back to asking you for your SSN or DOB or other things.
Guess they could offer to send the secret code to their phone's handset, but you could counter that with something like, "I lost my phone's handset and that's the reason I'm calling in." You could even add to that, that that's where you store your secret codes and passwords on your phone. Why don't you know who your favorite teacher was? Because you're an avid blogger and all your readers know who your favorite teacher was.
Did you see how I used 3 that's in a row in that one sentence? Holy crap, I am awesome!
Thanks man.