Social Engineering - Christopher Hadnagy [88]
Being a good listener might sound easy, but when you are in the heat of the moment, your end goal is to gain access to the server room, and you are listening to a story by a few employees out for a smoke break who you plan on following into the building, truly listening can be hard.
Yet it is during these times you might want to really listen. Maybe Susan starts to complain about her manager in HR, Mr. Jones. She tells a story about how short he has been with her lately and how she is fed up with it. Then her fellow smoker, Beth, says, “Well you should come over to the paradise of accounting. It is filled with jerks there, too.”
Maybe this just sounds like the complaining chatter of two tired and ticked-off employees. Or is it more? You have both of their names, the name of a manager, the names of their departments, and some idea of the general demeanor of some of the employees. This information can be very valuable later on if you need to provide proof of your validity for being inside the building.
Often the way someone says something can tell you a lot about the person, but applying this will require a lot of listening. Is the person angry, sad, or happy? Did she speed up or slow down in her delivery? Did he get emotional or did his emotion trail off? Paying attention to these types of things can tell you a lot more than the words at times.
So how can you become a great listener?
The following steps can help you perfect your listening skills. These tips can assist you not only in social engineering but also in life, and when applied to a social engineering audit can make a world of difference.
1. Pay attention. Give your target your undue attention. Do not fiddle with your phone or other gadget. Do not drum or tap your fingers. Try to focus intently on what is being said, looking at the person speaking. Do this in a very inquisitive way, not in a scary, “I want to stalk you” way.
Try hard not to think ahead and plan your next response. If you are planning your next response or rebuttal you will not be focused, and you may miss something important or give the target the impression you don’t really care. This can be very hard to control, so perfecting this tendency will take some serious work for most people.
Also try to not be distracted by environmental factors. Noise in the background or a small group laughing about something can shift your focus; do not allow that to happen.
Finally, pay close attention to what the speaker is not saying, too. The body language, facial cues, and other aspects of communication should be “listened” to intently.
2. Provide proof that you are listening. Be open and inviting with your body language and facial expressions. Nod once in a while, not too often, but often enough to let the target know you are there. You don’t want to look like a bobble head doll, but you want to let the target know you are “with him.”
Don’t forget the all-important smile. Smiling can tell the target you are with him mentally and you understand what he’s saying. As with paying attention mentioned earlier, add small smiles when appropriate. If the person is telling you her dog just died, nodding and smiling will most likely get you nowhere.
3. Provide valuable feedback. Letting your personal beliefs and experiences filter the message coming your way is all too common. If you do that you may not truly “hear” what the speaker is saying.
Be sure to ask relevant questions. If she is telling you about the blue sky then you say, “So how blue was the sky?” will not be effective. Your questions must show you have been actively listening and have the desire to gain a deeper understanding.
Every now and then mirroring or summarizing what you have heard can work well, too. Don’t recite the conversation like a book report, but recapping some of the main thoughts can help the target see you are in tune with the message.
4. Do not