Social Engineers: Sales People
From Learn to be a true Social Engineer
Sales People can often use pretexting to gain information about your company and what they are looking for. It is very common for sales people to do competitive research to find correct price points or what competitors are doing. These tactics can also be used in an example such as, posing as a sales person offering security cameras. You can ask some questions about their current systems and gain some information about them. If they have some then you can pose as a customer to the vendor of those cameras to find out some of their capabilities and limitations. This role can be played like many of the other impersonation roles. You play a part and take advantage of someones need.
Sales people are very good about elicitation. This is how good sales people earn a living, try to find out as quickly as possible if they have what you are looking for. Sales people will ask leading questions to try and persuade you to buy what they have to offer and limit the items that you may have to look through in order to find what you want. It is common for Sales People to listen to your wants and address the good points about their product or service that matches your needs. They will use this technique to get a better understanding of what a customer may have or what they do not have. If you are in the market for certain items this could be especially dangerous interchange especially when your are talking about security items such as home security systems, auto security systems, or computer/network security systems.
Passive Information Gathering
Sales people have other methods for gathering information about potential customer that involves aspects of Social Engineering. The will engage in forms of passive information gathering techniques such as look at potential customer websites, perform Google searches on sales people, or look at local news papers or press releases. This is a great way to find a target market for your products or to be able to meet a potential customers needs. Some major companies will solicit for sales of products or services through a Request for Proposal (RFP). RFP's can provide very specific information about a service or product that they need. These are very useful things and can even help sales people possible frame a new service or find out what competitors are doing in their field. However, this process can reveal sensitive information about the company putting out the RFP.
Sales people or even sales engineers are giving un-usual access to sensitive areas while performing pre-sales work or network evaluations. They need to set things up for presentations or other "work" that needs to be done to accomplish their tasks. While in some smaller companies you may have a more difficult time with this, the strategy is the same. Once you are in the building on official sounds business you are grant access or have inside resources available to you to carry further information gathering or exploits.
Sales people can be aggressive and persistent with their questioning. "Don't take no for an answer" is sometimes their moto. Most sales people are not malicious but you can never be too careful when you are dealing with sensitive topics. To protect yourself from some questionable tactics, your should follow a few simple rules.
- Never disclose sensitive information about yourself or your company to sales people.
- Do your homework on what you are really looking for and write down specific questions that you have for the sales person. You control the conversation.
- If you are a company providing a Request for Proposal, have a non-disclosure agreement signed by prospective companies prior to giving out information about your project
- ↑ http://en.wikipedia.org/wiki/Sales
- ↑ http://www.social-engineer.org/wiki/archives/Sales/Sales-Fundamentals.htm
- ↑ http://www.social-engineer.org/wiki/archives/Sales/Sales-Successful.htm
- ↑ http://www.social-engineer.org/wiki/archives/Sales/Sales-ColdCalling.htm
- ↑ http://www.social-engineer.org/wiki/archives/Sales/Sales-Consultant.htm