Social Engineering - Christopher Hadnagy [37]
Suppose then you bring home the paper and as you’re going through it you see an ad with a coupon for the restaurant you want to go to. You simply leave that page folded on the table. Again, maybe your wife sees it or maybe she doesn’t, but chances are that because you left it with the mail, because you mentioned steak, and because she loves coupons she will see the coupon left on the table.
Now later on she comes to you and says, “What do you want for dinner tonight?” Here is where all your preloading comes in—you mentioned the smell, sight, and desire for steak. You left an easy-to-find coupon on the table for the steak restaurant of choice and now it is dinner discussion time. You answer her with, “Instead of making you cook and having a mess to clean up tonight, we haven’t been to XYZ Steaks in a while. What if we just hit that place tonight?”
Knowing she doesn’t like that place all you can hope is the preloading is working. She responds, “I saw a coupon for that place in the newspaper. It had a buy one meal get a second half off. But you know I don’t like….”
As she is speaking you can jump in and offer praise: “Ha! Coupon queen strikes again. Heck, I know you don’t like steak too much but I hear from Sally that they have awesome chicken meals there, too.”
A few minutes later you are on the way to steak heaven. Whereas a frontal assault stating your desire to go to XYZ would have most likely met with a resounding “No!” preloading helped set her mind up to accept your input and it worked.
One other really simplistic example before moving on: A friend walks up and says, “I have to tell you a really funny story.” What happens to you? You might even start smiling before the story starts and your anticipation is to hear something funny, so you look and wait for opportunities to laugh. He preloaded you and you anticipated the humor.
How do these principles work within the social engineering world?
Preloading is a skill in itself. Being able to plant ideas or thoughts in a way that is not obvious or overbearing sometimes takes more skill than the elicitation itself. Other times, depending on the goal, preloading can be quite complex. The earlier steak scenario is a complex problem. The preload took some time and energy, where a simplistic preload might be something as simple as finding out what kind of car they drive or some other innocuous piece of information. In a very casual conversation where you “happen” to be in the same deli at the same time as your target you start a casual conversation with something like, “Man, I love my Toyota. This guy in a Chevy just backed into me in the parking lot, not even a scratch.” With any luck as you engage the target in conversation, your exclamation about your car might warm him up to the questions that you can then place about types of cars or other topics you want to gather intel on.
The topic of preloading makes more sense as you start to analyze how you can utilize elicitation. Social engineers have been mastering this skill for as long as social engineering has been around. Many times the social engineer realizes he has this skill way before he turns to a life of social engineering. As a youth or a young adult he finds interacting with people easy, and later finds that he gravitates toward employment that uses these skills. Maybe he is the center of his group of friends and people seem to tell him all their problems and have no problem talking to him about everything. He realizes later that these skills are what gets him through doors that might be closed otherwise.
When I was young I always had this talent. My parents would tell me stories of how I at five or six years old would strike up conversations with complete strangers, sometimes even walking into the kitchen of busy restaurants to ask questions about our order or inquire how things were being done. Somehow I got away with it—why? Probably because I didn’t know this behavior