Ethical Hacking: Social Engineering


Skills Of A Social Engineer


Social engineering can involve direct interaction with the victim or rely on technology. Either way, social engineers need a variety of skills and tools to obtain information. The key is knowing which method will work on the victim. Although there are different methods, the social engineer will often use pretexting, which is lying in order to obtain information. The social engineer will use different approaches depending on the situation and the victim.
With a direct approach, the social engineer simply asks the target for the information. The social engineer will most likely have taken the time to build a relationship with the victim and rehearsed possible arguments for his or her case in order to get the victim to act. With an indirect approach, the social engineer will concoct a believable story and try to trigger a reaction such as excitement or fear to fuel the con.
They may try impersonating someone from another department who needs help. In this approach, an understanding of the target's environment is important for credibility. For example, if the target is in a medical facility, some knowledge of medical terms might be helpful. The social engineer may call someone and pretend to be angry in order to get a response. No one likes dealing with someone who is upset, so the victim may give up the information in order to get the caller off the phone.
The social engineer may take a nonchalant approach, for example dressing as a janitor and casually asking whether they can empty the trash or clean the desk's surface. Many employees will say sure and get out of the way, in order to get out of their office for a few minutes. The social engineer may play the authority figure, or reference someone who gave them authority to act. For example, they may call someone and say, "Before Mr. Smith left for the conference, he said I should call you in order to get the latest stats for the third quarter." The social engineer will have checked with Mr. Smith's office beforehand to establish that he is going to be out, so that the request appears valid.
In addition to having psychological skills, the social engineer must be able to read and convey nonverbal communication, and possibly generate emotional reactions. They'll need to understand proxemics, or how close you stand to someone; body posture, or how you stand; haptics, or the use of touch; and eye contact and facial expression. The social engineer is aware of nonverbal communication skills and has most likely rehearsed his or her scam, possibly with another social engineer, or they may have done this before.
They'll also need some theatrical skills, such as gesturing, or communicating using the body or hands. Covering the mouth is one example: a full hand over the mouth will indicate shock or surprise. Something as simple as a head tilt is a sign of interest or curiosity. Social engineering has a strong overtone of psychology with a mix of theatrical skills, rehearsed and perfected to achieve a goal, and can be a valuable tool to obtain information in an organization.