It would've given me away. I wasn't super concerned that it would be looked up though. If this was a real attack and not just a demo for class, it would've been a better idea to fake the whois info.

I just posted the targets response when he found out. He was very gracious.

What a fantastic course, and a great show of character from Mr. Target. Hat tips all round.

The other student was an international student, his English overall was quite formal. Really lovely guy though :)

I suspect the other student was more susceptible to this sort of thing since he was a non native speaker. I'd be curious to see if it would've worked on an American.

Speaking as an Indian who's had the opportunity to try this sort of thing on various Americans (and a lone Australian), it would've worked. The success of the attack probably has more to do with the susceptibility of each individual victim than their specific native language, though (and this is a sweeping generalization) many Indians do tend to have greater deference to authority (real or imagined) than their American counterparts.

thanks!

That's very true, but it was just a class project, and wouldn't have been the end of the world.

it's a redacted version of the full link.

But did you purposely misspell "recruiting" or was that just a typo.

typo in the redacted version.

could you link me to where the original is?

I meant that with that level of trust it wouldn't be too hard to adapt the attack to shift to gaining that sort of information. ie; We are adding you to our employee database but we need your SSN last 4.