Physically SE Private Mail


Social Engineer The Postman To Grab Your Targets Mail.

In terms of obtaining personal Information pertaining to a particular person, such as their given name, middle name, family name and (where applicable) their date of birth and cell phone number, It can be quite a complex process when SEing Individual entities to grab such details. Well, It's not as difficult as you may think. One of the best tactics used by social engineers, Is to "physically SE the postman" to get their victim's mail "before It's placed In their letterbox", thereby handed directly to the SE'er. Depending on the type of mail, It can well and truly contain all the above details.

Requirements For The SE To Work:

For this to work, obviously you need to know the residential address of your target, and can "physically" visit the premises at any time. The SE can succeed for Individual homes, as well as those living In an apartment complex- "with every letterbox under lock and key". Given you cannot simply open the letterbox when It's locked, I will demonstrate how to grab Its mail with Incredible ease. For the purpose of this guide, I'll be using an "apartment" with Its letterbox securely locked.

The objective, Is to "SE the postman", Into thinking that "you're living at your target's apartment", and to grab all his mail before the postman places It In his letterbox. Also, the "timing" Is of the utmost Importance, meaning you must Identify "when the postman delivers the mail" on a daily basis. As with every SE, "research" Is very Important, which brings me to the next point.

Research In Preparation Of The Attack:

For reasons of his own, the social engineer wants to obtain as much Information about his victim as possible, and "collecting his personal mail" will fulfill his needs to some degree. Prior to performing the SE, the SE'er  has "researched the postal service", and has established the approximate time that his victim's mail Is delivered each day, which Is close to 3:00 pm. He's well aware of the apartment number he lives at, and his letterbox Is Identified with Its respective number, and located at the front of the building- securely locked. He's now satisfied with all Information needed to perform the SE.

The SE In Action:

It's around 2:45 pm on a Friday afternoon, and the social engineer Is sitting In his car opposite his victim's building, awaiting the postman to deliver the mail. After 20 minutes or so, he sees the postman from a distance, jumps out of his car and walks towards his victim's mailbox. As the postman arrives, the social engineer pulls out his keys and pretends that he's just about to open his victim's letterbox.

He greets the postman with a smile, and asks how his day Is going so far. The social engineer then says: "Do you have anything for Unit 14 please?" The postman can clearly see that the SE'er Is (seemingly) ready to open the letterbox marked as Unit 14, and believes that he's the rightful owner. As such, there's no point putting the mail Into the letterbox, thus hands It to the social engineer. The SE'er thanks him for his kindness, ends the conversation on a good note and has successfully SEd the postman for his victim's mail.

In Conclusion:

The type of details that can be obtained from someone else's mail, depends on Its nature. For example, If It's a "driver license renewal notice", you'd have the first & last name, license number, date of birth and address (which you already know anyway). With this Information alone, you can take over your victim's Identity within the hour.

If It's a phone bill, you'll have their cell phone number, phone carrier, account number and first & last name. You can then use the "account number to SE your victim's phone carrier" and obtain further Information, such as their date of birth. Clearly, you can see the advantages of getting your hands on your target's postal mail.




Comments


Popular Social Engineering Posts