Having discussed in general the overall philosophy of the social engineer, this section provides tips and hints for social engineers. It looks at the specific tactics that can be employed within conversations to achieve your goals (or at least speed up the process). After reading each section, think about people you know and how you think they would respond to each approach. This is actually a lot easier than you might imagine. For example, acting belligerent and imperious with middle management is going to get you nowhere fast (unless you can convince your victim you are upper management). Similarly, don't expect to carry out a successful IT-based attack against IT staff. You will find this kind of mental templating very useful.
Acting Impatient
Acting with impatience when someone is moving too slowly or appears to be considering verifying your story can be effective in derailing some people's adherence to accepted security protocols. Usually you can expect one of three responses:
This chapter has necessarily been a little different from the others in this book. Although it is easy to show someone how to pick a lock or hack a wireless network, social engineering is a far more subjective topic and must therefore be described in more abstract terms. The bottom line is that you can read a great deal on the subject and, indeed, on psychology in general, but your success in this field will depend largely on your own personality and people skills. You may feel that you don't possess the requisite nature – very few people do, and this problem is exacerbated by the fact that such skills are impossible to practice – at least in the way that you can practice hacking or lock picking. In any case, you are likely to have one person on your team who can competently execute the social-engineering aspect of a test. If not, I suggest you look to your sales staff. After all, a lot of techniques discussed in this chapter are similar to those used by sales staff.