A brief look into social engineering and how it's performed against an unsuspecting computer user. This attempt was taken from a real conversation on a dating web site, sometime back in 2009 / 2010. It also provides a reverse tactic for obtaining the scammer's information. Please note that some instant messenger services are now defunct (AOL, etc.). The same approach can be moved into the realm of FB and other social networks where direct messaging can be executed!
This document outlines how social engineering can be performed on the job, or used to target a company during the job hiring process.
Job Interview Social Engineering
When a target corporation is in the process of hiring new candidates for jobs in information technology and information security, an attacker can view this as an opportunity to launch a social engineering attack. Although the attack will be viewed as benign, an attacker can glean more information from a single interview process than over a phone.
This type of social engineering works as follows: once you are on the grounds of the corporation, you can inquire about the information technology and/or the devices which are in use. Eager interviewers would jump at the opportunity to demonstrate and detail which technologies are in use at the corporation, to see if you have the skill set and level to operate in their environments. Asking which technologies are utilized most, or which new emerging technologies a candidate would need to be proficient with, could in many instances give the attacker information for gathering tools, exploits and additional criteria to launch an attack.
Something as seemingly benign as a hiring process can yield so much information that it, too, can put the corporation at risk. Many times, landing a job within the company will allow the attacker to enter undetected, thus allowing him or her to attack from within the networks.
Job interviewers and corporations need to understand the risks which revolve around the job hiring process. First, seek candidates who state their knowledge on their resumes. Then ask which technologies they are apt at utilizing and which they would like to work with, never divulging the criteria for what it is the corporation needs. There is no solid method to protect against this: job sites such as Monster, HotJobs, etc. will allow an attacker to build a profile of a target and seek to exploit those core technologies without wasting much time.
This document describes how you can utilize services such as Staples and FedEx Kinko's in order to create a professional presence for social and reverse engineering.