Social engineering is the process of socially manipulating someone into providing information or access to a variety of physical and digital assets. A variety of techniques can be leveraged to perform social engineering successfully. This article is broken into two parts, with the first focusing on the background of social engineering and how to use your skills to manipulate others.
There are a number of categories within the social engineering methodology. We will primarily focus on techniques used when you are conversing directly with others (i.e. over the phone or in person). We will cover three critical exploitation methods in this article: exploiting the desire to be liked, exploiting helpfulness, and exploiting trust.
By exploiting a desire to be liked, the social engineer changes their behaviour and attitude to become friendly with the target. Much like a car salesperson's pitch, this technique relies solely on charisma and a strong ability to hold a conversation and be charming. The aim of this technique is to dupe the target into feeling as though they are building a relationship with you, ultimately gaining their trust.
The second technique exploits helpfulness and involves targeting employees who are new to their role and desperate to make a good impression. These employees are keen to give out information and can easily be deceived into helping a ‘potential’ or ‘existing’ customer.
The last method is to exploit trust. Your target will often naturally and subconsciously come to trust you if you have a small amount of information specific to your request. Insider knowledge (gained from your research) can have a significant impact on your engagement. This information should not be publicly available and should be semi-secret to the company (e.g. reference numbers). When you use such details as part of your conversation, the victim will automatically assume that you are legitimate and be willing to help.