The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick
Security training and corporate security policies need to strengthen that link.
Chapter 4
Building Trust
Some of these stories might lead you to think that I believe everyone in business is a complete idiot, ready, even eager, to give away every secret in his or her possession. The social engineer knows that isn’t true. Why are social engineering attacks so successful? It isn’t because people are stupid or lack common sense. But we, as human beings, are all vulnerable to being deceived because people can misplace their trust if manipulated in certain ways.
The social engineer anticipates suspicion and resistance, and he’s always prepared to turn distrust into trust. A good social engineer plans his attack like a chess game, anticipating the questions his target might ask so he can be ready with the proper answers.
One of his common techniques involves building a sense of trust on the part of his victim. How does a con man make you trust him? Trust me, he can.
TRUST: THE KEY TO DECEPTION
The more a social engineer can make his contact seem like business as usual, the more he allays suspicion. When people don’t have a reason to be suspicious, it’s easy for a social engineer to gain their trust.
Once he’s got your trust, the drawbridge is lowered and the castle door thrown open so he can enter and take whatever information he wants.
Note
You may notice I refer to social engineers, phone phreaks, and con-game operators as “he” through most of these stories. This is not chauvinism; it simply reflects the truth that most practitioners in these fields are male. But though there aren’t many women social engineers, the number is growing. There are enough female social engineers out there that you shouldn’t let your guard down just because you hear a woman’s voice. In fact, female social engineers have a distinct advantage because they can use their sexuality to obtain cooperation. You’ll find a small number of the so-called gentler sex represented in these pages.
The First Call: Andrea Lopez
Andrea Lopez answered the phone at the video rental store where she worked, and in a moment was smiling: It’s always a pleasure when a customer takes the trouble to say he’s happy about the service. This caller said he had had a very good experience dealing with the store, and he wanted to send the manager a letter about it.
He asked for the manager’s name and the mailing address, and she told him it was Tommy Allison, and gave him the address. As he was about to hang up, he had another idea and said, “I might want to write to your company headquarters, too. What’s your store number?” She gave him that information, as well. He said thanks, added something pleasant about how helpful she had been, and said good-bye.
“A call like that,” she thought, “always seems to make the shift go by faster. How nice it would be if people did that more often.”
The Second Call: Ginny
“Thanks for calling Studio Video. This is Ginny, how can I help you?”
“Hi, Ginny,” the caller said enthusiastically, sounding as if he talked to Ginny every week or so. “It’s Tommy Allison, manager at Forest Park, Store 863. We have a customer in here who wants to rent Rocky 5 and we’re all out of copies. Can you check on what you’ve got?”
She came back on the line after a few moments and said, “Yeah, we’ve got three copies.”
“Okay, I’ll see if he wants to drive over there. Listen, thanks. If you ever need any help from our store, just call and ask for Tommy. I’ll be glad to do whatever I can for you.”
Three or four times over the next couple of weeks, Ginny got calls from Tommy for help with one thing or another. They were seemingly legitimate requests, and he was always very friendly without sounding like he was trying to come on to her. He was a little chatty along the way, as well—“Did you hear about the big fire in Oak Park? Bunch of streets closed over there,” and the like. The calls were a little break from the routine