Social engineers play to people’s wants and needs, focusing on the mental triggers that can make a person do something.
Human Needs
Appreciation
People with this need tend to behave in a way that benefits others and improves the well-being of those around them. Simple things such as giving a compliment or saying Thank You is enough to fuel their need temporarily. They also respond well to comments about how much they improve the lives of others.
Approval
We all seek approval, but some people have a stronger need than others. They change their positions to get approval when someone has a different opinion. They are less likely to complain when they receive poor service. You can notice their language patterns contain unnecessary apologies such as “I’m sorry, but…”
They also respond strongly to disapproving or indifferent attitudes of authority and work harder to gain approval from this behavior.
Acceptance
They are similar to those who constantly seek approval, but the difference is they change behavior to be accepted by a group or culture.
Protection
These people are in need to feel protected. They have an extra lock on their doors, look around before using ATMs, carry a gun, have long and confusing Wi-Fi passwords, and can be easily persuaded by anyone offering them information or products to increase their level of protection.
Strength
A need to be seen and feel as strong. It is driven mostly by a fear of harm, fear of being dominated or being publicly exposed as weak and insignificant. Any offerings of information to enhance their social standings and images of personal strength will open doors no one else has access to.
Intelligence
The need to be seen as intelligent. These people display books in visible places at their homes and do anything to show people how smart they are. They are willing to demonstrate their knowledge about subjects they are most familiar with. You should notice a visible change in their facial expressions when you elicit information about topics with which they are familiar.
Pity
These people want attention. You will hear them telling stories of their misfortunes, their bad luck, and how they have been victimized by people or organizations. You might have noticed when some people reply in a conversation with “related” stories of how they had it worse than you did. If you offer any sort of advice or guidance, you will break rapport. The solution to making them open up is by confirming their statuses as victims and offering condolences for their bad luck.
Success
They show that they have achieved something great. They are motivated by their definition of success and are less prone to seek confirmation outside themselves for their sense of status.
The Laws of Human Behavior
1. Every human being is suffering and insecure. The better you become at reading human behavior, the more you’ll see evidence of it.
2. Every human being wears a mask.
3. Everybody pretends they don’t wear a mask.
4. Every adult is a product of childhood suffering and reward. We are a product of what happened to us when we were kids.
The Principles of Pretexting
Pretexting is presenting yourself as someone else to get private information. It is more than creating a lie; sometimes, you need to create a whole new identity. It can also be used to do jobs you would never otherwise have done. Over your career as a social engineer, you will develop several pretexts, depending on the project you have taken on.
One tip that might help you is taking acting classes. Method acting can help you learn to step out of your comfort zone, get into character, and learn what’s needed to plan and execute the pretexts.
What are the principles?
Thinking through your goals – On the information gathering phase you look for relevant stories, news, hobbies, likes, dislikes, events… That information can tell you a lot about which pretext to choose.
Use pieces of information from your own life – Your pretext should be based on facts, emotions, and knowledge you already possess or can easily fake.
Knowing how far to go – In deciding how much detail to create, just remember the four important questions.
Who are you? I am a safety inspector sent by corporate to do a very quick audit to ensure all policies are being followed.
What do you want? I just need about 15 minutes of your time to do this quick audit.
Are you a threat? No one is in trouble at all.
How long will it take? Hopefully less than 15 minutes.
Execution – When you are out there, anything can happen. That’s why you need to analyze different scenarios where things aren’t going your way and figure out a solution.
Framing
Suppose that someone tells you “25% of people who trade Forex make profits.” The hidden fact is that 75% of traders do not make a profit. That person is framing the fact in a way that makes it more appealing.
Former US President Donald Trump used framing to discredit former US President Barack Obama. Instead of talking about the jobs created, he focused on the presumably high number of unemployed people while in fact, that number was higher before the election of Obama. Politicians present the facts in a way that is favorable to them.
Social engineers use framing by aligning the reality and expectations of their target. A social engineer needs only to fit the frame of the target.
For example, a guard is aware of the frame of securing the building. However, the guard will treat other people such as salespeople or any staff members differently.
You can match the clothing and communication of a new employee and it will go unnoticed because it fits the frame of the target.
In order to use framing right, you need to stick to 4 rules:
1. Say things that invoke a frame. Human brains typically picture things when they think about them. Great novel writers have an amazing ability of painting images in the minds of their readers.
Social engineers also strive to have this ability. They tend to be descriptive in their conversations. By doing so, they paint a picture in the target’s brain and this takes away attention from them to the mental picture being drawn.
The target is occupied with this picture and overlooks the details about the social engineer.
2. Use definitive words to evoke frames. It’s where you don’t mention something but imply it.
The target is given an additional task to find out what the social engineer is talking about whilst being bombarded with even more information.
While the target is focused on the mind puzzle, the social engineer can plant some ideas in his brain.
3. Negate a frame.
Frame negation can be used by social engineers to get people to do things they have prior information not to do.
If a social engineer under the pretext of a repairman walks into an organization and drops a thumb drive with malware, there is a slim chance that employees will insert it into their computers even if they have been informed not to.
The social engineer may talk with a couple of people and tell them he heard a senior staff member asking around for a thumb drive lost with some sensitive files.
The employee who finds the malicious drive will instinctively insert it into his computer to see if it is really that thumb drive.
The social engineer will have negated the frame in the organizational security policy that employees should not randomly pick up thumb drives and insert them into their computers.
4. One should lead a target to think about things that reinforce a frame.
The more a target thinks about something, the more it is reinforced in his brain. News media are the masters in manipulating people by the means of framing. The media can omit some details about a story to lead people to form a conclusion that would be quite different if all the details were given.
You Might Like Jordan Belfort – Straight Line Cert 4.0
