29、电话攻击向量：社交工程的策略与技巧

电话攻击向量：社交工程的策略与技巧

1. 利用办公室外自动回复信息

在社交工程攻击中，办公室外自动回复信息是一个宝贵的情报来源。通常可以获取到内部分机号码，这些号码一般是外部可用电话号码的最后三到四位。同时，还能知道谁不在办公室以及离开的时长。办公室外自动回复可能会包含同一团队其他成员的联系方式，这些人在不知情的情况下，很可能会毫不犹豫地提供帮助。

1.1 示例电话

以下是一个利用这种情报的示例电话：
| 角色 | 对话内容 |
| — | — |
| 我 | “Hi Sarah, It’s Bill Robson from zxycorp, I was talking to Rob last week about the audit we have been working on. He told me that you were the person to speak to in his absence?” |
| Sarah | “Hi Bill, yes, it seems that I have the honor of dealing with Rob’s work for the next couple of weeks!” |
| 我 | “I guess it’s ok for some, jetting out to the Caribbean while the rest of us stay here and slave away! Anyway, Rob said you would be able to help me get access to some documentation that wa