Social Engineering - Christopher Hadnagy [192]
Learning the methods and process used to come up with questions that can be used in normal conversation will not only enhance your skills as a social engineer but also as a communicator. People enjoy when they feel others are interested in their lives and their work. Using this skill for the good can enhance your ability as a social engineer.
I have a good friend that gets people to tell her anything. It is uncanny. Complete strangers will, at the end of a conversation, say things like, “I just don’t know why I am telling you all these things...” She is not a social engineer or even in security, but she is a great elicitor.
Mastering preloading and elicitation can enhance your ability to also plan out what you will say. These skills can put your mind in the frame of seeking and gathering information in a more intelligent and less intrusive way.
Have a Good Pretext
Remember that a good pretext is not a lie or a story. Instead you become and live your pretext for a short time. Every fiber of your being—your thoughts, actions, speech, and motivation—should reflect what the pretext would do. If you can accomplish this then your pretext will be believable to the target.
The other thing to remember is that pretexting is used in everyday life, not just in social engineering. Imagine this scenario: You just had an argument with your mate. Now it is time for work. You don’t want everyone to know that things at home aren’t that good this day, so when you go to work and meet your coworkers who say, “Hey Jim how’s it going?” Your reply is, “Awesome. Couldn’t be better.”
That is the opposite of the truth but what do you do to make that believable? Shoot someone a smile, or project confidence via your posture or body language. Depending on how private you are and how much you don’t want to share with your co-workers you might even have a “cover story” to prove how great life is.
This is just one scenario, but people use pretexting all the time. Whenever you are trying to portray a difference from what is reality to people the “cover story” to make it believable is a pretext. Of course, most people aren’t really good at it and are easily detected, but noticing these situations in your life and work will give you a good basis of pretexting to analyze.
Analyzing these scenarios can help you identify areas you want to improve in your pretexts and help you master this very useful skill.
Practice Reading Expressions
I think I can talk for weeks about microexpressions. The topic just fascinates me, and it intrigues me to think that people have built-in mechanisms for displaying our deepest darkest feelings, and most of us will have no control over it. How our emotions cause certain muscles to contract and display a certain expression for milliseconds is just an amazing aspect of creation. But learning how to notice them, read them, and use those very same expressions to manipulate others is something that truly astounds me.
Practice how to recreate the microexpressions discussed in Chapter 5. As you do, notice the emotions the microexpressions conjure up in you. Practicing these expressions will also help you read them when others express them.
As you practice, do not focus just on what it takes to read microexpressions in others but on how to control your own microexpressions and prevent someone using their facial-reading reading skills on you. Remember that reading others is a good skill, but having control over your own microexpressions, body language, and vocal tones is far better. This skill can enhance your security practice as well as your personal relationships. After you master many of those skills, you will begin to see how you can utilize one of the main concepts Chapter 5, the human buffer overflow (HBO). The human mind works much like software, just on a higher level. But it can be fuzzed, examined, and overthrown like software. Re-read that section to make sure you fully understand the principles presented.
Manipulation and Influence
Manipulation and influence are two aspects of social interaction that