Social Engineering - Christopher Hadnagy [75]
What it boils down to simply is that as a social engineer auditor you must learn to use a person’s microexpressions to determine whether he is presenting the truth or a lie and to determine whether you are affecting the target the way you want. In some cases you can even use certain expressions to manipulate the target into a certain state of mind.
Remember, microexpressions alone are not enough to determine why an emotion is occurring. Determining that someone is angry or sad, for instance, doesn’t tell you why that person is angry or sad. Be cautious when using microexpressions to take into consideration all factors to determine, as closely as possible, the reason for the emotion.
Malicious social engineers employ these tactics of using microexpressions discussed in this section but their goals are completely different from those of a social engineer doing an audit. They often don’t care about the residual effect on the target. If damaging a person’s belief system, psychological stability, or even job stability can lead the malicious social engineer to a payday he will take that path.
Earlier in this book you read about some scams that came up during the attacks in New York City after 9/11. People who saw an opportunity to cash in on people’s sympathy and the tragedy that occurred didn’t seem to care whether their actions hurt others. Many came out of the shadows claiming to have family who were lost in those attacks. Some of these malicious people received money, gifts, sympathy, and even media attention only for it to be discovered down the road that the stories were all false accounts.
The malicious social engineer spends a lot of time learning about people and what makes them tick. This knowledge makes locating an acceptable target to attack easier.
This section just scratched the surface of microexpressions; the work of many professionals in the field has filled volumes. Seek out training, become proficient in reading and using microexpressions, and you will see an increase in your communication abilities with others. In addition, this proficiency will enhance your ability to have success in your audits.
Neurolinguistic Programming (NLP)
Neurolinguistic programming (NLP) studies the structure of how humans think and experience the world. It is very controversial in itself because the structure of NLP does not lend itself to precise, statistical formulas. Many scientists will argue or debate the principles of NLP due to this fact, but the structure does lead to models of how the principles work. From these models, techniques for quickly and effectively changing thoughts, behaviors, and beliefs that limit people have been developed.
As stated in Wikipedia (source: Oxford English Dictionary), neurolinguistic programming is “a model of interpersonal communication chiefly concerned with the relationship between successful patterns of behavior and the subjective experiences (esp. patterns of thought) underlying them,” and “a system of alternative therapy based on this which seeks to educate people in self-awareness and effective communication, and to change their patterns of mental and emotional behavior.”
This book is far from a self-help book, so although the principles in it can assist in changing deep-seated thought patterns and habits in yourself, its focus is on how you can use NLP to understand and then manipulate those around you.
If you are unfamiliar with NLP your first instinct may be to run to a computer and type the term into Google. I want to ask you not to do that just yet. You will find that similar to social engineering, what you will often find first are many videos and demonstrations that just seem very unrealistic, such as videos of someone touching