Social Engineering - Christopher Hadnagy [104]
What do I mean by not acting insane and being flexible? One definition of insanity that’s been floating around for years is “doing the same thing over and over and expecting different results.” Being willing and able to flex is one of the keys to persuasion.
You can think of this flexibility in terms of physical things. If you were tasked to persuade or bend something, would you rather it be a branch from a willow tree or a steel rod? Most people would say the willow branch because it is flexible, easier to bend, and makes the task accomplishable. Trying to persuade others while being unyielding and inflexible doesn’t work, and neither does persuasion if you are not flexible.
Many times, an audit will not go as planned. A good social engineer will be able to roll with the punches and adjust their goals and methods as needed. This does not go against the idea of planning ahead; instead, it bespeaks the point of not being so rigid that when things do not go as planned you can move and adapt so the goal is not lost.
The way a person would view an insane person is the way a target would view the inflexible social engineer. The social engineer would look unreasonable and you would most likely never reach endgame.
Get in Touch with Yourself
By getting in touch with yourself, I am not suggesting some Zen meditation avenue, just that you understand your emotions. Emotions control practically everything you do, as well as everything your target does. Knowing your emotions and being in touch with yourself can help you lay the groundwork for being an effective social engineer.
Going back to the earlier example of you and your smoking friend—approaching your friend if you have a deep-seated hatred for those who smoke affects your approach. It can make you act, express, say, or do something that will close the door to persuasion. You may never compromise on certain things, and being aware of those things and your emotions about them can help you to develop a clear path toward influencing a target.
These five fundamentals are key to understanding influence and persuasion. Being able to create an environment where a target wants to do what you are requesting is the goal of persuasion, and these five fundamentals will help you create that environment. The next section examines how social engineers use these fundamentals.
Influence Tactics
As mentioned, social engineers must practice the skill of persuasion until it becomes part of their everyday habits. This doesn’t mean that they must influence everyone in everything they do, but being able to turn this skill on and off at will is a powerful trait of a good social engineer.
Influence and persuasion have many aspects you can use and many that fit easily into an audit. Other aspects might not fit too easily, but hold a very powerful position in the world of influence. The following sections cover eight different techniques of influence that are used often by media, politicians, government, con men, scammers, and of course, social engineers.
Each section provides an analysis of each technique to see how it is used in other areas of influence besides social engineering, as well as takes a closer look at how it can apply to a social engineer.
Reciprocation
Reciprocity is the inherent expectation that when others treat you well you respond in kind. A simple example is when you are walking into a building—if someone holds a door open for you, he expects you to say thank you and then make sure that next door stays open for him as he comes in.
The rule of reciprocity is important because often the returned favor is done unconsciously. Knowing this means that you now have a step up on how you can use it as a social engineer. Before getting into that, though, here are a few examples where reciprocity is often used:
Pharmaceutical companies will spend $10,000–$15,000 per doctor (yes, per doctor) on “gifts” that might include dinners, books, computers, hats, clothing, or other items that have the drug company’s logo on it. When the time comes to choose a drug to support