July Newsletter 

Volume 03 Issue 34  

In this issue

  • Enclothed Cognition
  • Social-Engineer News
  • Upcoming Classes
  • What's coming...
  • Social Engineering Penetration Tests

Social-Engineer News

Vegas is only a week and some change away.  The first ever Black Hat Social Engineering Class is about to kick off!

Many are asking how they can get some awesome Social-Engineer Schwag... we have opened up a new SCHWAG Store for those of your coming to Defcon 20!


Join Chris at Hack France for a couple speeches and some good ol'fashion french hacking fun!


Social-Engineer.Com has launched their Social Engineer Penetration Testers course. It is literally the first of it's kind. As a subscriber to the newsletter you are getting first dibs on knowing where and what is happening.

REGISTER NOW!

Nov 2012 Bristol UK - Some Seats Still Available

Detroit MI - March 4-8, 2013

We are limiting the number of attendees in each class to 22 and under, so first come first serve.

  • 5 days of ground breaking training
  • The Social Engineering Penetration Testing Course guide
  • Special tools to enhance your SE practice
  • A Chance to take the first ever Social Engineering Pentesting Certification
  • Lots more

If you want to ensure your spot on the list register now - Classes are filling up fast and early!


Do you like FREE Stuff?

How about the first chapter of Chris Hadnagy's Best Selling Book:  Social Engineering: The Art of Human Hacking?

If you do, you can register to get the first chapter completely free just go over to http://www.social-engineer.com to download now! 
 


UNSUBSCRIBE by sending an email to [email protected]




Check out the awesome music of Dual Core - IT geek, Rapper and all around awesome guy...


To contribute your ideas or writing send an email to [email protected]





What's coming up..

If you want to listen to our past podcasts hit up our Podcasts Page and download the latest episodes.

Want to say thank you to our sponsors this month

- Spy Associates for continually giving us some awesome products to test out.


- The EFF for supporting freedom of Speech

- Want a very cool website? Check out Social-Engineer.Org's graphic and web dev at Tick Tock Computers.



A special thanks to our Editor:

John 'J' Trinckes, Jr

Check out Robin Dreeke's amazing book called "Its Not All About Me" packed with the top 10 techniques to building rapport fast. It is an awesome book!

 

 


 

Enclothed Cognition - We Are What We Wear

One aspect of social engineering that we have not discussed much in the annals of this journal is how clothing affects us as social engineers.  Some of the questions that might come up are:
1.              Is clothing really that important?
2.              What affect can clothing have on the target?
3.              What affect can clothing have on the social engineer?

Is Clothing Really That Important?
Now of course clothing in itself is important, but what role does it play for you as a social engineer?  Imagine this scene… A young man approaches the front desk and identifies himself as a tech support representative called to fix a server issue.

What did that young man look like?  What was he wearing?  In your mind, you probably pictured his outfit based on what you have seen with support reps in the past.  Was he wearing khaki’s?  A Polo shirt?  Did he have a small bag with some tools and laptop in it?

How about this scene?  You are sitting on a bench like table in your doctors office waiting to be seen by your doc… you are trying to figure out how to describe the problem you are having and your doctor comes in and greets you.

What did your doctor look like?  Was the doctor wearing a white coat?  Did the doc have pens or other utensils in his pocket?

This is important to ponder as if your doctor walks in the office with jeans and t-shirt on, you may wonder about his credentials.  You may even feel inclined to view him as less knowledgeable and not trustworthy.  This leads us to the next question….

What Affect Can Clothing Have on the Target?
Picturing that scene above shows that we have some expectation for the clothing to match the job.  If we went to the mechanic and he was wearing a 3-piece suit we would be leery to leave our car with him.  If we went to a restaurant and the chef was dressed like the plumber… would you eat there?

It is obvious that we have these expectations rooted in us.  We want, maybe even as far as we need the person to match our expectation in dress in order to make the whole package acceptable.

How do we use this as a social engineer?  If we are going to be doing any onsite social engineering endeavors it is vital that we research what the local people expect your pretext to be wearing.  It is important to be aware of the little nuiances that your target expects.

In our podcast with Ellen Langer, a noted doctor and psychologist, she spoke about what she calls mindlessness.   Mindlessness is the state most people operate in, if we remove a person from that state of mind we make them think about their jobs.  As social engineers we do not want people to be removed from their mindless state and notice us… our dress, if fitting their expectations, can kept that mindless and us happy.

But what about us…..

How Can Clothing Affect the Social Engineer?
This is where things get really interesting.  A group of scientist got together in Northern University and did an amazing piece of research.  Hajo Adam & Galinsky collected willing participants and showed them two white coats.

The first white coat was one commonly worn by a doctor and then another one that a painter would wear.  The first control was to find out how this group viewed the two different coats.

Most participants felt that the white coat worn by a doctor showed focus, attentiveness, carefulness and responsibility.   Where as a painters coat did not resemble these traits.

They ran three experiments:  1.  They tested if there was a difference in whether the participants wore a lab coat or not or 2 & 3. The tested not only if they wore a lab coat but changing the frame of what it stood for.

To quote the study: “Overall, we hypothesize that wearing a piece of clothing and embodying its symbolic meaning will trigger associated psychological processes. “

It appears their hypothesize is correct.  Again to quote this study on the term they coined, “Enclothed  Cognition”:

“The current research provides initial support for our enclothed cognition perspective that clothes can have profound and systematic psychological and behavioral consequences for their wearers. In Experiment 1, participants who wore a lab coat displayed in- creased selective attention compared to participants who wore their regular clothes. In Experiments 2 and 3, we found robust evidence that this influence of clothing depends on both whether the clothes are worn and the symbolic meaning of the clothes. When the coat was associated with a doctor but not worn, there was no increase in sustained attention. When the coat was worn but not associated with a doctor, there was no increase in sustained attention. Only when a) participants were wearing the coat and b) it was associated with a doctor did sustained attention increase. These results suggest a basic principle of enclothed cognition: It involves the co-occurrence of two independent factors—the symbolic meaning of the clothes and the physical experience of wearing them. “ - Adam, H., & Galinsky, A.D., Enclothed cognition, Journal of Experimental Social Psychology (2012), doi:10.1016/ j.jesp.2012.02.008


Do you need to re-read that?  This is a very important study for social engineers.  When the participants wore a coat that they felt or were convinced was a doctors coat it increased their ability to “pretext”, act or be like a doctor.

This study shows us that what we wear can and does affect our actions when we are in an engagement.  But does this just apply for onsite social engineering?

For decades sales professionals have talked and written books on concepts like  “Dress for Success” and shows like “What Not To Wear”.  The concepts promote that what we wear affects or nonverbal and verbal communications.  Yes, even when we are on the phone it can have an affect.  Many telesales agencies will make their employees dress professional when they will never meet their customers face to face because it has been proven to help promote a professional atmosphere.

What Can You Do?
As a social engineer, take this research seriously.  Are you planning a phone elicitation gig for a client next week, try dressing the part of your pretext on the phone.  Notice how it makes you feel and act.

Each day as we begin to understand the human psyche more deeply we are able to see where and how people are so easily tricked, influenced and duped.  Understanding this helps us to plan and educate ourselves, our families and our companies to be able to escape from mindlessness and become critical thinkers.

Till Next Month….

written by:  Chris "loganWHD" Hadnagy


 

As part of the newsletter group, you will be the first to receive special offers to services and products by Social-Engineer.Com.


 

Gold Sponsor for The Social Engineer CTF at Defcon 20:

Sponsoring our Kids SE CTF at Defcon 20:

qualys sponsor Sponsors

Also check out our website sponsor: