|Richard Freeman on 14 Jul 2010 08:26:45 -0700|
On 07/13/2010 10:10 PM, Randall A Sindlinger wrote:
If you make a honeypot "banking" encrypted directory, you'll probably be more likely to get a bite. Why reformat when you can copy it off, crack it, and get account numbers, etc?
You could mix in some social engineering. Include the "bank's" phone number and instructions for resetting your credentials, address, etc. Make it look like you copy/pasted them out of some email/etc. Something like:
If you lose your PIN and need to update your trust fund payment information please contact <phone-number-you-control> and ask for customer service. Please provide them with your account number 4837284, and the PIN recovery code 152875-43XB. They will issue you a new PIN number, and work with you to update the contact information on your account. Be sure to save these instructions in a safe place, as you will need to have this information to access the $27,245,873.23 that currently resides in your account.
Then when you get a phone call you can carefully "authenticate" them, and be sure to get the correct mailing address and bank account details so that they can try to drain your account. And no, I didn't write that email you just got from your long-lost cousin in Nigeria... Rich ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug