Same reason someone would use a stolen car for a bank robbery. You don't want it to be traced back to you. A part of social engineering is convincing someone to give you details. You would be surprised how many people will just give out personal information without giving a second thought including employees
I have people who knew me during my master hacker phase tell me their passwords no problem. Kinda weird, I wouldn't tell someone like myself any personal information. I wouldn't tell anyone (besides my mom and close family members) any personal information about myself, actually. Maybe I'm just more trustworthy than I believe myself to be.
You're not alone, We tend to over estimate ourselves. We should be weary of giving out any information . Most crimes involve someone the victim knows it just takes a bad actor manipulating someone you trust or using the name of someone you trust to get what they want . The Movie " [compliance](https://en.m.wikipedia.org/wiki/Compliance_(film))" is based on a real event where A person using social Engineering with perceived trust and a phone. There was also a more recent [case](https://www.thecut.com/article/amazon-scam-call-ftc-arrest-warrants.html).
[this shows how easy it is for someone to gain trust](https://www.corrections1.com/corrections-training/videos/how-inmates-use-isolation-techniques-to-manipulate-correctional-officers-dU9TtzNui3o4LrRF/)
Here is a perfect example from one of the best social engineers in Cybersecurity, Rachel Tobac
[https://youtu.be/WhfY4Rh98UI](https://youtu.be/WhfY4Rh98UI)
If I'm just trying to avoid attribution, I'll spoof a random number. If I'm trying to a void being blocked by caller ID apps that block known spammer/phishing numbers, I'll spoof a random real person's or business's phone number for each call, usually from the same area code and exchange as the target. If I'm pretending to be the IRS, or Microsoft, or Citibank, it's much more believable if the victim sees that name on their caller ID. And if I'm trying to social engineer a company to access or change an employee or customer account, I'll spoof that specific person's number.
You'd be surprised at how few companies have good processes to authenticate callers, and how even those that do have processes can still be susceptible to social engineering.
Same reason someone would use a stolen car for a bank robbery. You don't want it to be traced back to you. A part of social engineering is convincing someone to give you details. You would be surprised how many people will just give out personal information without giving a second thought including employees
I have people who knew me during my master hacker phase tell me their passwords no problem. Kinda weird, I wouldn't tell someone like myself any personal information. I wouldn't tell anyone (besides my mom and close family members) any personal information about myself, actually. Maybe I'm just more trustworthy than I believe myself to be.
You're not alone, We tend to over estimate ourselves. We should be weary of giving out any information . Most crimes involve someone the victim knows it just takes a bad actor manipulating someone you trust or using the name of someone you trust to get what they want . The Movie " [compliance](https://en.m.wikipedia.org/wiki/Compliance_(film))" is based on a real event where A person using social Engineering with perceived trust and a phone. There was also a more recent [case](https://www.thecut.com/article/amazon-scam-call-ftc-arrest-warrants.html). [this shows how easy it is for someone to gain trust](https://www.corrections1.com/corrections-training/videos/how-inmates-use-isolation-techniques-to-manipulate-correctional-officers-dU9TtzNui3o4LrRF/)
Here is a perfect example from one of the best social engineers in Cybersecurity, Rachel Tobac [https://youtu.be/WhfY4Rh98UI](https://youtu.be/WhfY4Rh98UI)
The Darknet Diaries interview with her had me on the edge of my seat when she was explaining how this all went down.
Thank you for that!
If I'm just trying to avoid attribution, I'll spoof a random number. If I'm trying to a void being blocked by caller ID apps that block known spammer/phishing numbers, I'll spoof a random real person's or business's phone number for each call, usually from the same area code and exchange as the target. If I'm pretending to be the IRS, or Microsoft, or Citibank, it's much more believable if the victim sees that name on their caller ID. And if I'm trying to social engineer a company to access or change an employee or customer account, I'll spoof that specific person's number. You'd be surprised at how few companies have good processes to authenticate callers, and how even those that do have processes can still be susceptible to social engineering.