- Deception in Social Engineering
- Social-Engineer News
- Upcoming Classes
- What's coming...
- Social Engineering Penetration Tests
We feel like we have been run over by a bus, hit by a truck then
dragged through some tar pits... Ah, yes Def Con must be over. What
an amazing show. The brand new Social-Engineer Village was a huge
hit. Apollo Robbins anyone? Kevin Mitnick? Dave Kennedy? Jordan
Harbinger? umm Will Smith???? The SECTF and the SECTF4KIDS... what
the heck just happened? Stay tuned for more news. We just need to
get through recovery and rehab.
The team at Social-Engineer is really excited to announce our
brand new service - The Social-Engineer Mastermind Group. For
more info click below:
As a member of the newsletter
you have the option to OPT-IN for special offers. You can
Check out the schedule of upcoming
training on Social-Engineer.com
Schedule Coming Soon
We are limiting the number of
attendees in each class to 22 and under, so first come first
- 5 days of ground breaking training (4 Days for Black Hat)
- The Social Engineering Penetration Testing Course guide
- Special tools to enhance your SE practice
- A Chance to take the first ever Social Engineering Pentesting
- Lots more
If you want to ensure your spot on the list register
now - Classes are filling up fast and early!
Do you like FREE Stuff?
How about the first chapter of Chris
Hadnagy's Best Selling Book: Social Engineering: The Art of
If you do, you can register to get the
first chapter completely free just go over to http://www.social-engineer.com
to download now!
If you no longer want awesome social
engineering information you can Unsubscribe
from this Newsletter
Check out the awesome music of Dual Core - IT geek, Rapper
and all around awesome guy...
To contribute your ideas
or writing send an email to [email protected]
What's coming up..
want to listen to our past podcasts hit up our Podcasts Page and
download the latest episodes.
Want to say thank you to our
sponsors this month
Spy Associates for continually giving us some awesome products
to test out.
- The EFF for supporting freedom of Speech
A special thanks to our
John 'J' Trinckes,
Check out Robin Dreeke's amazing book called "Its
Not All About Me" packed with the top 10 techniques to building
rapport fast. It is an awesome book!
Your Web: Deception and the Social Engineer
A tiny arachnid that is a master of deception has
been discovered by naturalist Phil Torres at the Tambopata Research Center in
Peru. The spider, most likely a new species, builds a larger decoy
in its web using pieces of leaves and debris. It then shakes the
arranged bits to possibly discourage and defend against predators.
Although other spiders in the Cyclosa genus have been documented
displaying less complex decoy-building behavior, this deceptive
creature's ploy is unique. This i s an exotic example of animal
behavior, but it is an interesting place to begin a discussion about
the use of deception.
What is deception?
Making something (a situation, a person, etc.) appear to be what
it’s not is a useful and necessary tool for social engineers. From
the telling of outright falsehoods to the more subtle use of
omissions or even props to communicate a specific message, deception
can come in many forms. It is the responsibility of the social
engineer to manage that communication, keeping in mind the overall
goal of influencing the target. Intent plays a major role in how and
when we employ deception. At Social-Engineer, Inc., we always stress the
importance of making sure your target feels better for having met
you. This tends to be a wise business decision and good rule of
thumb in human relationships. Clearly, the method you choose for
deception can make a huge difference in how the target feels once
the engagement is complete.
Deception For Sale
Paladin Deception Services is a Minnesota-based
company that promotes it services to lie and deceive others for
their customer's gain. Timothy Green is the founder and a former
private detective who believes that people benefit greatly from
having an ally; not only to lie for them, but to corroborate
falsehoods that may help others achieve some desired goal. False job
references, vacations disguised as sick days, and lies about skills
and aptitude are some of Green's previous work. Although the
legitimacy of such a company will always be called into question by
some, Green does appear to offer these services to those willing to
pay the fees.
In another example of a blatant lie, two Connecticut men claiming to have a gun, kidnapped
another man demanding that he accompany them to a bank and open his
safety deposit box to repay a debt. The assailant that had claimed
to have a gun was caught as the robbery was underway. He did not
have a weapon.
In an amusing (and less malicious illustration), young women in
China are apparently advised to wear stockings that are designed to
appear as if the wearer has incredibly hairy, unshaven legs.
‘Anti-pervert’ hairy stockings are apparently popular in China
according to the NY Daily News. As you can imagine, this is
definitely a nicer way of rejecting unwanted advances than a swift
kick to the face.
Deception as a Social Engineer
Assuming one of our priorities as social engineers is to be able
to continue a relationship with our target despite the use of
deception, here are some things to understand about human
- People can and do deceive themselves. A recent study concluded that people’s
expectations about cause and effect are so strong it can overcome
what their eyes tell them. In another fascinating study, researchers
were able to get half of their participants to falsely recall a hot
air balloon ride from childhood by exposing them to faked pictures
(Wade, K.A., Garry, M., Read, J.D., Lindsay, D.S. (2002) A picture
is worth a thousand lies: Using false photographs to create false
childhood memories. Psychonomic Bulletin & Review, 9 (3),
597-603). Research has proven time and again that people often
change their perception of reality based on a number of factors,
often as a response to external influence.
Once people step over the behavioral barrier and commit an action
however small (for example, help you pick up dropped documents or
provide a small piece of information), they will be more likely to
continue down that path. This was demonstrated in an interesting
study in which it was discovered that people are significantly more
likely to allow strangers intrusive access to their homes after they
had already answered some simple questions on the phone (Freedman,
J.L., Fraser, S.C., (1966) Compliance without pressure: The
foot-in-the-door technique. The Journal of Personality and Social
Psychology, 4 (2), 195-202).
Interesting research, but how does this translate to something
you can use? Consider that knowledge about these two small aspects
of human behavior can dramatically affect your choices for how you
employ deceptive techniques. Understand that it rarely takes more
than a nudge with a good pretext to obtain your goal; the blatant
telling of falsehoods can be unnecessary. This, in turn, will affect
how the target feels both during and after an engagement, and their
willingness to continue a relationship with you. If you become a
master of human behavior, you will become a master of deception and
through time and effort the ultimate social engineer…like our friend
spinning his web in the Peruvian jungle.
Written by: Michele "sn8kebyte" Fincher
We want to thank the sponsors for the
Defcon 21 SECTF
of the newsletter group, you will be the first to receive special
offers to services and products by Social-Engineer.Com.
Also check out our friends at: