Explore a real-world social engineering engagement through a 48-minute Black Hat conference talk that combines actual audio recordings with valuable lessons for both social engineers and defenders. Gain insights into identifying and preventing attacks as Joshua Crumbaugh breaks down the techniques used in a bank robbery attempt conducted over the phone. Delve into topics such as reconnaissance, persistence, multiple call strategies, and the importance of sounding authoritative. Learn about the biggest risks in social engineering, including vulnerable user groups like sales and developers, and discover effective training methods to combat these threats. Understand the significance of high-frequency education, culturally-aware training, and integrating security awareness throughout an organization. Analyze the role of personal assistants and the importance of maintaining a vigilant attitude in preventing social engineering attacks.
How to Rob a Bank Over the Phone - Lessons Learned from an Actual Social Engineering Engagement
Overview
Syllabus
Introduction
Recon
Mistake
Never give up
Multiple calls
My boss rule
We do social engineering
Sound effects
Who hired me
Tips for social engineering
Giving instructions
Pre pretexting
Your Biggest Risk
Your Users
Sales and Developers
Attention Span
Social Media Rules
Short Touch Points
Boring Training
Training Video Example
High Frequency Education
Train According to Need
Integrate Everywhere
Timing
Cultural Differences
Personal Assistants
Guards Up
Social Engineering
Taught by
Black Hat
