What is Social Engineering?
Social Engineering is a scam artist’s best trick. It’s pretty much as it sounds, you engineer society in order to do things you shouldn’t. A few common examples would be wearing a safety vest and hardhat to sneak onto construction sites for urban exploration, wearing a lanyard and carrying a clipboard to get backstage of a concert without being asked uncomfortable questions, etc. These are just simple examples, you dress the part of someone who belongs where you’re going, and you just walk in. It can get a lot more complicated than that, with benefits to match.
Ok, how is it useful for me?
Social engineering more than just playing dress up to get behind the scenes of some concert. You can use these tricks to get ahead in life. Getting the upperhand in a job interview or promotion. Maybe making yourself appear more desirable to a romantic interest. Or some more nefarious means such as scamming, corporate espionage, etc. In every single encounter with another human being, there is an opportunity for social engineering to be used for your benefit. It’s about looking for the chance and taking it without any hesitation.
You have me hooked, *how* can I use this?
Let’s get into the nitty gritty, what the actual *actions* that you can do? One simple trick is reciprocation. It’s one of the most basic concepts but can take you far. Do a small action for someone and they will do something for you in return. The opposite is true too. If you want to build rapport with someone, ask them to do something small for you. They view you as more likeable. Other things to build rapport would be copying mannerisms and body language in a way that is natural. Think of when someone is in a foreign place and meets someone from the same place as them. Instant friends! That’s what you’re going for. You want to seem familiar. Life is about socialness. If you can make people feel comfortable with you, that’s an open door that might’ve been closed otherwise. Many job interviews have been aced not by what’s on the resume but by how the interviewer feels about the interviewee.
How social engineering can help with illicit gains
Reciprocation is a huge tool and is widely used. Simple things such as holding the door for somebody makes them feel as if they have to hold the next door for you. Useful if the first door can be opened by anyone and the second requires a cardkey, which they have and you don’t. Maybe you lost yours and don’t want to tell your boss or maybe you’re trying to get your hands on some vital information from a competitor. And getting past that receptionist that has never seen your face before? Pretend to be mildly annoyed at someone on the phone. People are less likely to go up to someone if they are on the phone and not being in a good mood helps to deter them more.
Anywhere that you can perform some small service to someone is an opportunity to get them to unknowingly give you something you shouldn’t be having. Whether that be information or access to somewhere, both physical and cyber. These small acts can be everyday occurances such as the previous example of holding a door, or it can be created on the spot by you. For example, you’re pretending to be the new IT guy at a company. You have the outfit, you’re in an area accessible only to staff, etc. You know that everyone does non work related things at work so you go up to someone as say their computer will be remotely accessed for diagnostics, but to not worry as they can keep working during this time. While explaining this you mention that you don’t tell your superior about any non work related sites they may have visited. And right there you just created a situation where you are doing them a small favor. Because of that obligation to reciprocate, they may log in somewhere for you (or even outright give you the credentials). Or show you the way to the server room because you’re new and “forgot”. Point is, these opportunities are everywhere and ripe for the picking.