An article on today's Slashdot about how a penetration tester was able to break into a bank's computer network caught my attention today. See First-Person Account of a Social Engineering Attack.
I have always been interested in social engineering attacks after reading the story of Kevin Mitnick. A lot of people are simply not aware of how simple it is to gather information by gaining their trust or simply by snooping around.
I just thought of an attack for snooping on someone's phone messages. This will only work on phones with an LCD display.
Me: Hi XXX, I left you a message but I did not hear back from you.
Him: Oh ok. I will check it now.
He then proceeds to check the messages. Of course, he will not have had a message from me.
Him: I did not get a message from you.
Me: Can I use your phone to call mine and make sure that everything is ok? Hey, can you grab me that pencil over there?
Once he is distracted, I hit redial and voila, his voice mail number and most probably his password will appear on the screen. However, this attack did not work on my Samsung phone.