********************
NOTES FOR THIS GUIDE
********************
1. This guide is not about scamming. What you do with this information is up to you.
2. This guide is not meant to have you go around and start messing with people.
3. Social Engineering is an art. Treat it as such. You are not lying. The moment you decide to tell a little white lie becomes the difference between a social engineer and a liar.
What Social Engineering Is and Is Not
Social Engineering is a life skill that a lot of people do not have. There is also a large misconception about the facts of social engineering. When MMOwned had a scamming section, I and a handful of others were the pros when it came to social engineering. It's also come to my attention that a lot of people here don't know the difference between social engineering and lying. There is a HUGE difference between them. I hope to eliminate some things, as well as maybe educate you all on some simplistic things to better your life.
Social Engineering is defined as follows:
Social engineering is the act of manipulating people into performing actions or divulging confidential information, personal information, trust, benefiting from human emotion, and cloak and dagger schemes, rather than by breaking in or using technical hacking techniques; essentially a fancier, more technical way of beating around the bush. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.
"Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick. The term had previously been associated with the social sciences, but its usage has caught on among computer professionals and is now a recognized term of art. Though it can be used deviously and be very... well, unfortunate for some, you can use Social Engineering to your advantage. You can use it at your work center, you can use it with your friends... and you can definitely use it on Blizzard.
How is it used to benefit, but not scam?
This is a grey area. It really depends on your definition of scamming. Scamming usually means to benefit from one's undoing, and to gain XXX property through the use of mechanics in which you will benefit monetarily while tricking the other party into your lie, so you have to be careful. Once again I reiterate: the art of Social Engineering is not lying, but allowing the victim of the social engineer to follow along with your plan. Thus you guide them to the end, rather than scam them.
Ok, so how does social engineering work exactly?
Once again, this depends on the method of Social Engineering. However, since I am going to teach you White-Hat methods, here is how it runs down. The goal for this is to hold the person's hand and lead them to what you want. Here are the basic rules.
1. Never Lie (DO NOT LIE). The moment you lie, you're scamming.
2. If you're pushed into a lie or cornered, throw a "Curve". A curve is when you ask a question back, or make the other person uncomfortable.
3. Let the victim party do all the talking.
4. This is the same as 3, listen. LET THEM DO THE TALKING. The more you talk, the more you give yourself away.
5. Do not get frustrated. When you get frustrated, you tend to say stupid things. If it's not going the direction you wanted, try again when you're calm.
6. Don't rush it. Hold their hand, and guide them to your answer.
One of the popular examples of all these rules is getting an account unbanned that you are NOT the owner of. If you have great social engineering skills you can easily get an account that is not yours unbanned without anything more than a Username and Password. You don't even need the email. Bending your words is not lying. It's the art of telling the truth, but changing the order of words to describe the truth.
Ok I think I got it.. give me some examples?
Here is an actual conversation of an account that I had unbanned. The Username was Hobgoblin900, the Password was JumpUp10. This was the only information I had on the account. *Note* This account is no longer used, which is why I do not mind sharing it.
Blizzard CS (CS): Thank you for calling Blizzard Billing Customer Support, My name is Megan, How can I help you?
Kookie(K): Hi Meg, I am having a little bit of a problem with my account and I am pretty sure I need to call you because I was looking on the forums for the site and they said to call billing tech when I need something with my account cause they cannot help me.
// Right there is the start. Start off by making it seem you're desperate and looking for help. Megan now has a little back story in her head. She is assuming I had a problem, and posted on the Customer Service Forums. Right there she also gets a little impression that someone has aided me towards CS. Note that I said looking, not posted.
CS: Sure thing lets take a look at your account. Can I have your first name?
K: Sure can, but I am more worried about something else with the account, my account Hobgoblin900 is having some billing issue and I am trying to figure what's going on about it.
// That's known as a Curve right there. She asked for my first name, but instead I guided her to the account name. She will plug in the name immediately and pull up the account, looking at the first name, waiting on my response.
CS: I have your account pulled up, can you please verify the First Name and the Last name on the account?
K: Sure my name is Mark *********.
CS: Thanks Mark, unfortunately you're not the account holder so there's nothing that I can do for you.
K: I know I am not the account holder, I am the person who pays for the account, the person on the account is someone I know.
CS: There is nothing that I can do for you at this time as you are not the account holder.
K: Ok, I only had a small question rather regarding payment. Since I pay for the account I wanted to ensure that I could pay for it since the names do not match.
CS: Oh, are you the parent or guardian of Chris?
// That's where you just guided them. Surprisingly, she gave me the name. Yes I know, this does not always happen. But you are able to roll with it when you let others talk. If you do have the account First name and Last name, then it does go this smooth as you will see.
K: No I am not, I just pay for the account.
CS: I am sorry Mark, I cannot give any more information about the account that is registered. If you can please have the account owner contact us.
K: Thank you Megan, sorry for your troubles.
CS: Not a problem, sorry I couldn't do anything. Thank you for calling Blizzard Customer Support, is there anything else I can help you with?
K: Not unless you can help me setup the parental controls on the account.
// Once again, this is a curve. She has the account open. She already is there, and she threw out the word Parental / Guardian.
CS: Actually you can do that by logging into the World of Warcraft account management, and selecting the option that says "Parental Controls".
K: I do this on the website?
CS: Yes, navigate to World of Warcraft Community Site, on the left select the option that says Mana...
K: Is there a way that I can do this over the phone? I am not too fancy with the computer thing, all the internet security and all.
CS: Yes we do offer the option of setting up the parental control from the phone. However, it seems the account's been temporarily disabled.
K: Oh my, for what?
CS: I unfortunately do not have any information as that is handled through our Account Admin section. If you have a disabled account and wish to dispute or inquire about it you may by emailing [email protected] or [email protected]. Please allow several days for them to respond. Anything else I can help you with?
K: Nope that is just fine thank you.
CS: You're welcome, have a fantastic day, and thank you for playing World of Warcraft. Goodbye.
K: bye.
// What just happened is known as a bread crumb trail. You see, our call that just happened set a staging area for notes. Now there is account history and a note that says that I called CS at XXX time.
Next I contact WoWAccountAdmin with the following email:
To whom it concerns,
My account name is Hobgoblin900 and my last remembrance of a password was JumpUp10. I think it still is the same password since I can access the control panel. I contacted Customer Support and had a few questions. I have been playing this game since 2005, and I remember having XXX character on the account. A little while back someone else was using the account I assume and it was banned. I am not sure how they had access to the account or why they had access but they seemed to be using something at some point which was a hack or modification, the email said. I was wondering what needs to be done to look at it and see if this was my mistake coming from <insert your IP here>. I am the owner of the account and lost control of the account from XX to XX. What was it disabled for?
// The email above does seem a little on the lie, however it's not. "I have been playing since 2005": that's when I started playing WoW, not when I started playing the account. "I remember having XXX character on the account" acts as a guidance point. They will look for the player account name, and it puts a fictitious thought in their head that you are the account owner. It's logic. "A little while back someone else was using the account": as in the original owner. When you insert your IP it really does nothing but put false logic in someone's head. If you grew up calling a banana a yellow, then someone held it up and called it a banana, you would call it a yellow. When someone sees that number you threw in, then looks at a log and sees that the number you log in with is not the same number that was banned on trend, it aids in the human emotion of sympathy. "I lost control from XXX (account creation + a couple months) to (XXX time you purchased or gained account)." "What was it disabled for?": another poor-me call.
The email reply is as follows:
"An investigation of the World of Warcraft account Hobgoblin900 has produced evidence that the computer(s) used to play the account were infected by a virus, Trojan or keylogger.
To protect your privacy and security, we have temporarily disabled the account for a 24 hour period. During this time, we highly recommend that you follow the below steps to protect yourself and the account from unauthorized third party access.
- Use up-to-date firewall, antivirus, and anti-spyware software to scan your system regularly for viruses, Trojans, and key-loggers.
- Keep your operating system and other software up-to-date and be careful when downloading new software.
- Be wary of "spoof" and scam websites and e-mails that pose as Blizzard Entertainment and request account or personal information. As a reminder, Blizzard Entertainment representatives will *never* ask you for your password.
- Keep your login information confidential. Account access can only be shared with one minor of whom you are the parent or guardian. Sharing access with anyone else is a violation of the game's Terms of Use. You are also responsible for every use of an account on which you are listed as the registered player, whether the use was authorized or not.
- Use separate, unique passwords for your email, World of Warcraft, and any other online accounts.
- Change your passwords regularly and keep World of Warcraft account information updated using the Account Management page at http://www.worldofwarcraft.com/account/.
For additional security tips and information, please visit the following sites:
- Account Security: Blizzard Support
- Unauthorized Account Access Policy: Blizzard Support
- World of Warcraft Account Security: Blizzard Support
If you are looking for an added layer of security, we currently offer the Blizzard Authenticator, an optional device that can help prevent unauthorized account access. For more information about how the Authenticator works or how to add one to a World of Warcraft account, please visit the Blizzard Authenticator FAQ at Blizzard Support.
Please be aware that if viruses, Trojans or keyloggers are found again on computer(s) the account is played from, it may lead to the account being disabled again.
Please contact us at [email protected] if you have any questions or concerns. Thank you for your understanding and cooperation.
Regards,
Account Administration
Blizzard Entertainment
http://www.worldofwarcraft.com"
Hopefully you can all understand how Social Engineering works now. It's a great tool and something that would be a vital asset for everyone to learn at some point in their life. If you have any questions please let me know. I would be glad to help anyone learning this art, as long as it's used for NON SCAMMING purposes.
-------------------------
Happy Social Engineering
µKookie