Social Engineering - Christopher Hadnagy [193]
Use those situations as teaching tools. Analyze the methods that marketers, psychologists, counselors, teachers, and even coworkers use to try to manipulate you. Pick out points that you think you can learn from and put them into your arsenal.
Remember that persuasion is not always negative: It doesn’t always have to mean getting someone to do something they don’t want. Persuasion can have very positive effects, and many times, positive persuasion is much more difficult. If you can master those skills and use them to help people stay secure, you will be more readily able to identify when someone is using persuasion tactics in a negative sense.
Be Alert to Malicious Tactics
Being aware of what tactics attackers use will surely keep you from falling victim to them. Professional auditors can use these tactics to educate their customers on what to look for in a possible attack. Be alert to pick out instances of how these are being used.
For example, one tactic the “bad guys” use is to strike during times of trouble. When the planes hit the Twin Towers, the earthquakes hit Haiti, and the tsunami hit Asia, the devastation upon the human population and their lives, psyche, and emotions was insurmountable. Times of vulnerability and weakness are exactly when the bad guys strike.
Let me illustrate it this way: I once read an article that spoke about how lions hunt in the wild. It said that a lion, when it wants to confuse and scatter a group of prey to choose a victim, will roar toward the ground—not toward the prey or sky, but the ground. Why? It’s because the massive, fear-inspiring roar will reverberate off the ground and surround the prey. They become confused by not knowing which direction the lion is coming from. Some will scatter left, some will scatter right, but they will leave their young, old, infirm, and immature herd members open.
The preceding is not too far off from how professional malicious social engineers operate. They “roar” in such a way as to cause or add to the confusion. They use websites that help find dead loved ones after a natural disaster, or claim to have lost family and friends in the carnage themselves. The attack occurs when the “targets” are so emotionally involved that they can’t see straight.
The inexperienced and immature (technologically speaking) fall victim first by giving out little bits of information until the attacker has enough to build a profile. That profile helps launch further attacks, and those attacks get more vicious and heartless.
Be alert to these instances, and you will keep your clients and yourself protected from falling victim to them. Also, use these situations as lessons: analyze the methods used and see whether they worked or failed. Doing so will enhance your ability to be more alert to potential threats.
The unfortunate difference between a lion and a social engineer (besides the obvious) is that a social engineer gives no audible roar. He is not out there yelling, “I want prey, now run!” Instead, malicious social engineers’ sly, subtle attacks trick thousands into their traps each year.
Use Your Fear
Now, if this chapter has built any kind of fear in you, all I can say is, “Good.” You need it, because healthy fear can save your life, or at least in this case your identity and your business.
Use that fear to motivate change. Don’t get angry and upset. Make a decision to change and to educate yourself, your families, and your companies on how to observe, notice, and defend against these attacks. Make a decision to not allow your identities and your companies to be hacked, and then do something