0 Social Engineering via Phone to get Admin.

Phone Verify / Social Engineering via Phone to get Admin.
----------------------------------------------

Ok.. Simple tutorial..its hardly a tutorial.

This is just to people that don't understand what a Phone Verify is.

When you card a shop they sometimes call to verify the order and ask some details about the order and maybe some card details.


How do we do this..

Well there are 2 ways..1 easier then the other.

1. Skype or any other VOIP Provider thats cardable. - Easy
2. Card a Pre-paid Sim and phone. - Hard

We will use 1.

Ok it's pretty easy to card skype just goto it, make an account use socks for the country your going to be using.. so USA = USA socks.

Once you buy $20 credit they will give you a phone number.

Example number 800-675-8734

Now we have a number..all you need now is skype installed on your computer and a mic/headset.

When you card the store try do it in business hours that way the call will come asap and you will get it confirmed and shipped the same day.

So say we carded apple.com for a ipad.

We would get a fresh USA sock and put into the connection settings of skype.

When the order goes through make sure your on skype..leave it on your speakers or headset if your going to be on the computer for a while.

When the call comes through they will ask if your are the card holder, your address etc..and what did you order and what total $$.

Once it's verified they will put the order through.

This is also good for Social Engineering..

If you got information from a server like the admin's user and server information but can't get the password you can whois the site and get the Webserver provider info and then call the admin of the site and say your the tech team and you found out someone has been attacking customer's websites and would like to validate the admin's info..etc..

Then ask for them to change there password and it would be quicker for me to do it on the phone now and more secure just incase someone has put a virus on there site or computer.

When they give you the old password and a new one..login to there server via the web host and change the old to the new so looks legit and like the call was legit.

To make it look even more legit you could send a fake email to there email account under the webservers name and say that there password was changed and thank you for your service and help in the matter.

That's one the easiest ways to root a server

Hope this helps.

Written by Syncorion
Date: 11/06/2010