Useful Social Engineering at Sympatico Yeah yeah, I'm the king of 902 specific information *sigh* Ok, so say you want to do something besides simply deleting an email message to someone blind. Say you want to read the emails. Say you live in Nova Scotia. Because sympatico here is slightly less intelligently run. The people who work on the 24 hour help desk have little to no training, and are easily confused. I have no idea about the other provinces, and how strict they are about enforcing the "make sure you verify the user before doing anything" rule. But if they are anything like here, and being human they should be, they are lazy and stupid. Example one. Call up and say; "My computer keeps freezing when I am trying to get my email. I need to get my email." They will ask you for your username, to enter into their computer. If they're doing support for MPOWERED they'll ask your number. It's best to have both of em handy. then they'll want to walk you through some trouble shooting. Do everything they tell you to do, then say it doesn't work. If they say "ok, we'll hang up and you try it again" say that you have a separate phone line and can try it right now. Tell him it doesn't work. at this point they'll try a few other things. Blah blah fucking blah. Just tell them you're in a hurry and need to know what mail is there waiting for you. They have access to your mail via a webmail interface. They cannot get in with out your password. they can, however, change your password FOR you. when they ask you for your password, tell them that you'd feel moe comfortable if they changed your password to something else with their system, and then used that one. Say that the password is personal, and that you know they can't see it because it's encrypted, and that you'd rather not tell them it. this should work. Get him/her to read you the sender/subject of the mails, and if any look intresting, get them to read you the message. Tell them it's important. Example two: Call up and say "I want to set up my personal webspace" listen to what he says, he'll say, ok it's set up after he sets it up... or he may say it's already st up. In which case say "I know... but I can't get in" leave your story open to that. People say stupid things like that all the time. If he believes you are stupid he'll be more willing to bend the rules to get you off the phone. Get him to change the password on your webspace, which will change the password on the email... thusly allowing you to pop the mail from, say, a hotmail account. or log into it via the sympatico webmail program. I don't advise popping from home. The key thing to remember in any situation is that most customers DON'T remember their password. They never have to type it. Dial up networking has a remember password option which allows it to be typed in once and only once. You just click connect. Netscape has a remember password option. TA-DA other intresting things of note. If you're an mpowered customer, when your email accounts are set up, you get the password mpowered1 on your accounts, unless you request otherwise. People are idiots, remember this. This password will work on the primary account as a dialup, (whole email as username) and it will work on any acct as pop3. sympatico and mpowered are run in NS by MTT (an aliant company... whatever) which means that if you use the dialup for any illegal purposes they can trace it back to which username had which IP if the police ask them to, but it is also really likely that they can trace it to the telephone number which dialed in and logged in with that account. untoward 10/06/00