Dec 2012 Newsletter 

Volume 03 Issue 39  

In this issue

  • Give To Receive
  • Social-Engineer News
  • Upcoming Classes
  • What's coming...
  • Social Engineering Penetration Tests

Social-Engineer News 

The team at Social-Engineer is really excited to announce our brand new service - The Social-Engineer Mastermind Group.  For more info click below:


As a member of the newsletter you have the option to OPT-IN for special offers.  You can click here to do that.


Check out the schedule of upcoming training on Social-Engineer.com

REGISTER NOW!

Ireland, April 2013

Detroit MI - June, 2013

We are limiting the number of attendees in each class to 22 and under, so first come first serve.

  • 5 days of ground breaking training
  • The Social Engineering Penetration Testing Course guide
  • Special tools to enhance your SE practice
  • A Chance to take the first ever Social Engineering Pentesting Certification
  • Lots more

If you want to ensure your spot on the list register now - Classes are filling up fast and early!


Do you like FREE Stuff?

How about the first chapter of Chris Hadnagy's Best Selling Book:  Social Engineering: The Art of Human Hacking?

If you do, you can register to get the first chapter completely free just go over to http://www.social-engineer.com to download now! 
 


UNSUBSCRIBE by sending an email to [email protected]




Check out the awesome music of Dual Core - IT geek, Rapper and all around awesome guy...


To contribute your ideas or writing send an email to [email protected]



 



What's coming up..

If you want to listen to our past podcasts hit up our Podcasts Page and download the latest episodes.

Want to say thank you to our sponsors this month

- Spy Associates for continually giving us some awesome products to test out.


- The EFF for supporting freedom of Speech

- Want a very cool website? Check out Social-Engineer.Org's graphic and web dev at Tick Tock Computers.



A special thanks to our Editor:

John 'J' Trinckes, Jr

Check out Robin Dreeke's amazing book called "Its Not All About Me" packed with the top 10 techniques to building rapport fast. It is an awesome book!

 

 


 

Giving To Receive

It’s that time of year again here in the United States of America, a time to be thankful for what we have. A time of giving thanks, sharing food, and coming together with friends and family. The beginning of Thanksgiving is also the start of our Holiday Season, a season of giving. This season of giving is heavily steeped in altruism. As a social engineer, giving is one of the best things you can do... not for karma, but to purposely receive! Reciprocity, in short, is the societal norm that creates the golden rule. When someone does something for us, we feel indebted to them and feel a great desire to reciprocate the gesture in some way [1]. So much so that this feeling overrides most other thoughts. As humans, we will do things for other people, regardless of how we actually feel about them, as long as they have created a situation where we feel we owe them something... even if we did not want the thing or favor the person extended to us in the first place [2]!

As a social engineer, it behooves us to give because it triggers the principle of reciprocation. People become obligated to respond positively to whatever it is you’re trying to get them to do whether it is letting you use the restroom (to deposit a usb key marked “Employee Bonus Schedule”) or purchasing tickets to your child’s bake-a-thon. Robert Cialdini describes reciprocity as “one of the most potent of the weapons of influence around us”, which is quite a statement coming from the guy who literally wrote the book on influence.

Why do we feel such necessity to reciprocate? Reciprocation is hard-wired into us as humans. As we evolved as humans, reciprocity became paramount to our advancement. In tribes and societies, no one person could possess everything necessary for survival so the exchange of goods allowed people to exchange things they had for things they needed. It also allowed for specialization in individuals because it freed the individual from having to rely on obtaining all pieces necessary to survival and, instead, focus on a subset to become an expert. “We are human because our ancestors learned to share their food and their skills in an honored network of obligation”, notes archaeologist Richard Leakey [3]. Further analyzing our societal norm s, what is thought of the person who takes and does not give back? That person is looked at as a moocher. No one wants to be looked at as a moocher and people will go to great lengths to not be seen in that type of way.

Perhaps one of the most illustrative examples of the reciprocity rule in action can be seen in the 1971 experiments conducted by Dennis Regan of Cornell University. Regan’s experiments were conducted on unknowing subjects during what the subjects thought was an experiment on “art appreciation”. The subject was paired with what they thought was another subject taking part in the art experiment. In fact, this person was actually an assistant to Regan. The assistant left the room at one point and returned in two different ways depending on the group the subject was assigned to. For group one, the assistant returned with two Cokes, one for himself and one as an unrequested gift given to the test subject. For group two, the assistant returned empty handed. Every other interaction the assistant had with the subj ect was the same, except the giving of the gift of soda. At the end of the “art experiment”, the subject was approached by the assistant and asked to do a favor. The assistant explained that he was selling raffle tickets at $0.25 each and asked the subject to purchase raffle tickets. Feeling a sense of indebtedness because of the soda given previously, subjects who had received the soda purchased twice as many raffle tickets as those subjects not given a soda! While this is amazing, the second part of Regan’s study really highlights how powerful this principle is.

At the end, Regan asked the subjects a series of rating scale questions to determine how much the subjects liked the assistant. That data was then compared to the data showing the amount of tickets purchased. As you would expect, the more liked the assistant was, the more tickets were purchased in the group that received no gift of soda. Astonishingly, in the group that received the gift, the subject’s feelings about the assistant  made no difference in the amount of tickets purchased! It made no difference that the subject didn't like the assistant, they still purchased the same amount of tickets as the subjects who liked the assistant [2]!

We see reciprocity used almost every day in our normal daily lives. Think about the free address labels you receive in the mail. You know, the cool little sticky labels with the dog picture on it that makes sending letters a breeze because all you do is peel off your address and *viola*, your return address is done. Why do people send you those? Well, they’re always asking you to donate money for something and since they gave you a gift, even unsolicited, their donation rates increase. Or how about the free sample? This can be s een in supermarkets and especially in the big warehouse clubs such as Costco. Obviously, letting a customer ‘try before they buy’ is a good thing and a good way to expose the potential customer to a new product, but this action also triggers the reciprocity rule. You are given a gift and then feel obligated to purchase some product to rid yourself of the indebtedness. [4]

Fans of social psychology (you!) may be familiar with the ‘foot-in-the-door’ technique. This technique is used to generate compliance by first getting a “yes” answer for a small, simple request. We talk extensively about this in our 5-day course called, Social Engineering for Penetration Testers.  In addition, in 1966, Freedman and Frasier showed that getting an initial “yes” greatly increased the chances of getting a “yes” for follow-up requests that are larger in scope [5]. Reciprocal concession is the opposite, but produces the same results. Known also as the ‘door-in-the-face’ technique, reciprocal concession works like this:

Person A: “Hey, will you sponsor me in the walk-a-thon? It’s $1000 to sponsor my walk.”
Person B: “$1000? That’s a lot of money, I can’t do that.”
Person A: “No problem, how about just a one-time charity donation of $20?”
Person B: “$20? Sure.”

What just happened is by Person A lowering his request, he made a concession to Person B. That triggers the social obligation of reciprocation and Person B feels that Person A, by lowering his initial request, gifted Person B, therefore Person B feels indebted to Person A. Pretty cool, eh? In 1975, Cialdini and his colleagues conducted experiments and produced research titled Reciprocal Concessions Procedure for Inducing Compliance which illustrates reciprocal concession and how powerful it can be in gaining compliance. By first aski ng for an extreme favor, compliance for a second (less intrusive favor) was greatly increased. [6]

The easiest and cheapest gift you can give someone is the gift of validation. Robin Dreeke, author of It’s Not All About “Me” and co-trainer of our Social Engineering for Penetration Testers course said, “Being interested in someone and who they are at their core non-judgmentally is the truest form of gift giving and validation." Robin defines three forms of validation: Listening to others, thoughtfulness, and validating thoughts and opinions. Listening means just what it says, the opposite of talking. Everybody’s favorite topic is themselves.

Let people talk about themselves, encourage them even. Ask open ended questions as opposed to questions that elicit a “yes” or a “no” answer. A great example of showing thoughtfulness is to simply carry around hand sanitizer and gum and offer these in appropriate situations to people. In the arena of physical gift giving, choosing just the right gift is extremely powerful. Hand written thank you cards are also very powerful. Validating people’s thoughts and ideas is also extremely powerful. Suspend your ego, ignore your need to be right and simply give validation to people’s thoughts and ideas [7]. See how easy gift giving can be?

Let’s see an example from the trenches where gift giving was paramount to the success of a social engineering engagement. Chris Hadnagy recalls one penetration test, in particular, where giving the gift of information to a secretary allowed him the access he was seeking.

“One time, I was preparing mentally for my approach in the parking lot.  As I walked towards the front, I heard the VP talking on his cell phone.  He was very stressed and emotional and was saying something like, ‘I really dont like today and it just started’....


I walked in to the office door and the secretary's screen was facing just enough towards me that I could see she was playing minesweeper.  I approached, she asked what I needed, and then I said, ‘You don't know me, but the boss is outside and he is ticked about something, you might not want him to see that on the screen when he comes in...’


I then started to tell her what I wanted (to meet HR with a ‘resume’ on a usb key) when he stormed in the front door and said, ‘Lisa, grab my messages and in my office now!’  She ran to his call and in about 5 mins she came out.  Putting her hand on my arm, she said, ‘thank you.  Let me take you right to HR’.”


In a normal situation, Chris would have had to work hard and cleverly to get the secretary to bring him to HR, but the gift made it simple. The secretary felt indebted to Chris and, in turn, extended a favor to him by complying with his request.

As you have seen, the power of reciprocation is a very powerful tool in your arsenal. So powerful, that people will reciprocate and shed themselves of the indebtedness you placed on them even if they don’t like you and even if they never requested the gift in the first place! One caveat to be aware of, there does seem to be a shelf-life on the indebtedness. It’s different in every situation, but does diminish over time. Be careful not to follow the gift up with a request so quickly that it appears obvious. Remember, during this season of giving, the more you give, the more you’ll get.

 

written by:  Eric "urbal" Maxwell 


 

As part of the newsletter group, you will be the first to receive special offers to services and products by Social-Engineer.Com.


 

Also check out our website sponsor: