Social Engineering Through Search Engines
In a recent red team assessment, we needed to get around the security controls and security awareness our client had already established. Roman Faynberg, Principal Consultant, shares how we social engineered our targets by hosting a phish on a fake company page. Then, we sent emails to our targets referencing the name of that fake company, excluding any links that might raise suspicion.
The targets took the bait, searching the name of the company and finding it on their browser. Since they found the page themselves, they implicitly trusted the site, and fell into the trap. This served as a perfect reminder that social engineering can take place in all kinds of ways, and to always remain alert.
