Google Voice (was Grand Central) is a pentester’s best friend

Google Voice turns out to be really handy for phishing attacks. When you send out a phishing email, it’s useful to include a phone number, in case of any issues with the attachment, link or other payload.

Google voice gives you a (new, anonymous) number which you can route wherever you’d like (cell, office, etc). Additionally, you can configure your voicemail to quickly impersonate the local admin, or security officer.

The killer feature, however, is the voicemail recording and transcription. Never again do you have to wade through a voice-driven mail system. Now, it simply dumps into your inbox for easy inclusion into a report. Additionally, you can download, email and share (via unique URI) voice messages.

Good for demonstrating that you can’t trust links AND phone numbers.

1 Comment

  1. jcran says:

    oh yeah. you can listen in as people leave voicemails & bust in as they’re about to hang up. very unnerving for them 🙂

Leave a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s