Social Engineering - Christopher Hadnagy [127]
Whether or not you are a pasta fan, you are picturing a restaurant-quality dish. This is how you should plan your words with your targets. They should be descriptive, robust, and full of pictures. Yet the caution is not to be overly theatrical as a social engineer. Your goal should be to build a picture with your words, not to draw attention to yourself or your delivery.
Rule 2: Words That Are Defined Within a Frame Evoke the Mental Frame
You don’t have to use the exact words to make a person picture the frame you want. For example, what do you think of when you read the following sentence?
“I saw the insect struggle to get free from the web, but he could not. Moments later he was wrapped up in a cocoon and saved for dinner.”
Notice, I didn’t have to mention a spider to make you think of a spider. If I want to frame you into thinking about a spider, I can do it without having to mention the word spider. This powerful rule of influence and framing gives a social engineer the ability to control the target’s thoughts using indirect speech.
Toastmasters, the international organization focused on people’s speaking abilities, teaches its members to move people with their speech by getting their audience’s emotions involved. Delivering a story that causes the target to picture the frame you want while involving them emotionally will solidify your standing in leading that conversation.
Again, using this method of framing will take planning. A powerful aspect to this frame rule is that while a target’s brain is processing the information you are feeding it and generating the mental pictures you are painting, there is a time when you can plant thoughts or ideas. Unlike where I painted a direct picture of a beautiful pasta dish, this rule allows the target the freedom to picture something else.
I could have ended my earlier spaghetti dinner story with, “My wife then served it on a plate of perfectly cooked pasta. What kind of pasta? I am not telling you, you have to picture it,” and when your brain starts to picture it then I can say, “As I twirled it on my fork, the sauce was so thick and perfect it clung to each noodle.”
This description paints the mental picture of spaghetti. What other pasta do you twirl? (I know there are others, but you get the point.)
Rule 3: Negating the Frame
If I tell you to not picture a spider in a web, your brain has to picture the spider first to tell yourself to not picture it.
This technique of negating the frame is powerful. Telling a target to be careful, watch out, or be cautious about something automatically puts them in the frame you may want. This technique is often used by professional social engineers. In one interview I did with a panel of social engineers, everyone agreed that this technique works great.
During one audit, I dropped a few USB keys that were laden with malicious code that I wanted someone in the company to run without thinking. I approached one of the employees who I had gained the trust of and said, “John, I heard a memo was issued to be on the lookout for a few USB keys that have been dropped. They are looking for them now.”
It just so happens that you are in there as a janitor and you dropped the USB keys laden with malicious files, and now by telling people to look out for them, you are in essence planting the seed for them to do your bidding. This kind of a phrase negates the worry they may feel when finding a rogue USB key and cause them to plug it in to see whose it is.
Rule 4: Causing the Target to Think About the Frame Reinforces That Frame
Every time the brain focuses or thinks about something it is reinforced. The more you can make the target think about or picture the frame you want him in, the easier it will be to reinforce and move him to that frame.
Look back at Chapter 2 on communication modeling and analyze how the messages a social engineer will develop can have amazing effects on your targets.
I was once traveling in India. I don’t remember the