After social engineering my way into the inboxes of White House staff and Banking CEOs I then went to work in email security — it was very much the fairy tail ending. For 3 years I manipulated BEC (Business Email Compromise) cyber-criminals into revealing specific intelligence which was then passed on to global financial institutions… Continue reading Social Engineering Speaker: Tales from my time as a email prankster, and protector.
Fast trying to rationalise my targetting of Barclays Bank and the Bank of England I felt a trip across the pond was in order – let the dust settle. It brought with it more challenges: time zone differences, subtle language variations etc. But I was very keen to see how the US stacked up against… Continue reading My Wall Street phishing trip
To me it seemed the most natural thing in the world. That once I’d concluded my pranking spree on Wall Street, and in lieu of a reply from Fort Knox (seriously) I would turn my sights towards email’s golden goose egg; the White House. An iconic symbol of global dominance and security, I reasoned that… Continue reading Spear phishing the White House. Twice.
Whilst I knew I had put a lot of thought into my pranks, as I edged closer to the infosec industry I did think the ‘prank’ label might not be doing me any favors. I’d gone with ‘EMAIL PRANKSTER’ as it was literally descriptive and added a clown horn to what I was doing, which… Continue reading I socially engineered a social engineer. Here’s how.
It was back in 2017; whilst I was co-writing an article with Dr Ian Levy, the Technical Director at the NCSC, that I first used the term ‘inbox hypnotism’. It seemed to perfectly describe the symbiotic state someone lost within their emails slips into, as their subconscious takes greater responsibility for peripheral processes. Being ‘In… Continue reading Inbox Hypnotism™