Wednesday, December 2, 2015

Using famous fake names

A while ago I was at a stl2600 meeting and the topic was using fake identities of famous people for online services and events IRL as a way to protect your real identity and be easy to remember for you. They gave a number of great examples and even links to sites to help come up with the fake ID.

To expand on that idea I suggested there might be a social engineering impact if you choose your alias wisely. Like using the name from a positive supporting character in a movie, people might be more likely not to question you, and even allow you privileges they might not other wise presumably because they associate you with this character subconsciously.

The reason I suggest using a support character and not a main one is because people are more likely to have better recall of a leading character, the idea is to use a name that is linked to positive feelings that someone cant quite put their finger on, hopefully allowing that feeling of trust to be lent to anyone with that name or ones that sound similar.

Under a more targeted social engineering attack you might use the name of a favorite sibling, or relative. Yes the target will pick up on this right away but hopefully the years of trust the target associates with the ID you choose will be lent to you with out the target knowing they are doing so. Results will vary of course. What are your thoughts? Have you done something like this and it worked? Tells us about it.

No comments: