Social Engineering

Social engineering is a very uncommon term, as I bring it up with people, it's interesting to see their reaction, as most people think that it's a term that I have created, so they just play along. The truth is, social engineering is a hacker's most valuable tool. It can be used to gain anything that a hacker wants, as long as it is executed properly.

As I stated in my last post. if you can get your opponent to believe that you should know, or no harm will come from you knowing, you have essentially won. Now, this mainly consists of false trust. This is developed by you making your opponent think that you are close and honest to him/her. The more trust he/she has for you, the better. This is a very complicated topic, so I will provide an example.

• If you call an ISP claiming to be the CEO for a corporation that receives internet services from them, you must be friendly, make the operator think that you care about them. This is for two reasons, this is not normal for them, being that they low status, they expect to be treated as such, also, if you do specific things, such as remember their name, and ask them how their day is, they feel important. The human psyche can be manipulated by simply doing something out of the ordinary. Of course, you need a reason to be calling them. I would suggest "the internet is going slow." If you seem dumb, it can be useful for when you claim that you forgot some information.
  
• Now, being "the CEO" if you call back at a later day and ask to speak with them, and greet them by their name, this is also out of the ordinary. Already they are willing to be more open with you regarding information. After you do this a few times, you can attack.
• So now that you are friends with the operator, and have called them a few times, been friendly, found out a little about them. You can simply tell them something to the effect of "I'm sorry to bother you about this, but I seem to have forgotten my login and password, could you refresh my memory?" At this state, he/she will probably respond with "yeah, sure, one moment please." Because he/she is talking to a "CEO" they should be more than happy to help. The only trick is making sure that he/she knows you well enough at that point where he/she doesn't need to ask for verification. If he/she asks you for the last four digits of your SSN, then you hang up, and you've lost.

Now, if your opponent is too smart for their position, then you can run into problems. Such as if they decide to test you early into the conversations.