Social-Engineer Newsletter Vol 06 – Issue 79

April 2016

In This Issue

  • Playing Well With Others: Human Interaction 101, “The Bump”
  • Social-Engineer News
  • Upcoming classes

THE NEWS


As a member of the newsletter you have the option to OPT-IN for special offers.  You can click here to do that.


Check out the schedule of upcoming training on Social-Engineer.com

2016 Schedule

If you want to ensure your spot on the list, register now. Classes are filling up fast and early!


Do you like FREE Stuff?

How about the first chapter of ALL OF Chris Hadnagy’s Best Selling Books?

If you do, you can register to get the first chapter completely free. Just go over to http://www.social-engineer.com to download now!


To contribute your ideas or writing send an email to [email protected] 


 Special Thanks and Notices:

If you want to listen to our past podcasts hit up our Podcasts Page and download the latest episodes.

A Special Thanks to:

Ace Hackware for their support in very cool schwag and hacker tools

The EFF for supporting freedom of Speech

Check out Robin Dreeke’s amazing book called “It’s Not All About Me”, packed with the top 10 techniques to building rapport fast. It is an awesome book!


We are adding pages to the framework every day… check out our informational resources like the SE Infographic below.


Chris Hadnagy’s & Michele Fincher’s new book is out and available – Phishing Dark Waters:

Unmasking The Social Engineer:  The Human Side of Security
is an effort that took over 2 years to write with help from Dr. Paul Ekman and Paul Kelly.



Playing Well With Others: Human Interaction 101, “The Bump”

Are you a social engineer? Regardless of your profession, the answer is yes! Because we are social creatures living and interacting with others, chances are that you will engage in a number of activities that in one way or another facilitate your existence within human society. Even those of us who prefer the relative interpersonal safety of online interactions will, at some point, emerge to buy a cup of coffee or (horrors!) say hello to the neighbor.

One of the topics that Chris and I talk about in the APSE is the importance of the approach, or “bump”, in the development of rapport with an individual. How well (or poorly) you execute this can set the tone for the entire interaction, and ultimately, determine its success.

Think about the last time you were approached by a stranger. In all likelihood, a number of questions popped immediately into your head:

  • Who is this person?

  • Are they a threat?

  • What do they want?

  • How much time is this going to take?

If the stranger was able to answer these questions, you probably allowed the interaction to proceed. These questions don’t have to be answered explicitly, but if they’re not addressed to a level of comfort determined by the target, chances of getting one’s way get pretty slim.

An example of a group who answers ALL of these questions to stunning effect are those little girls you’re probably seeing sitting at tables right now inside your local supermarket. With their sashes, beanies, bright smiles and tempting displays, they answer all of those questions without uttering a single word. In fact, the last time I was approached by one of these demon children I found myself shoving money at her before she even opened her mouth.

But I digress.

Whether in the context of a social engineering engagement or an everyday interaction, the key here is that there is generally a purpose – it could be as simple as getting to know someone, all the way up to and including attempting to influence a decision. But you’re never going to reach that point until you answer those four questions in the mind of your target.

Who are you?

It’s a simple enough question. The answer doesn’t have to be a mechanical, “Hello, I am Doug, your friendly technical support person.” Who you are is communicated in all kinds of ways without you ever saying a word. We people-watch (and more often in the age of technology, eavesdrop) all the time, and often come to conclusions about who we observe. Are they married? Educated? Nice or mean? In a social engineering engagement, the keys are congruence and playing to stereotypes, as painful as that may be. Everything about you (attitude, appearance, language, etc.) should confirm your pretext, and most importantly, not cause any additional questions in the mind of the target.

Are you a threat?

This is really a sub-question under “Who are you?” If the answer is, “I’m a creepy stalker,” then you’ve pretty much answered this question as well. This is reasonable for anyone to ask, and one that you as a social engineer must address immediately. You can’t develop rapport if your target has their shields up. This requires some self-awareness on your part. What messages do you communicate non-verbally? Again, this goes back to congruence. If you’re trying to act in a friendly fashion but your face or body conveys something else, your target will notice… something. That something may be enough reason to shut you down.

We once had a young lady take our APSE. She was a delightful and engaging individual, so we were a bit mystified when she reported some difficulties with her “bumps” during homework. What we eventually discovered was that whenever she was nervous or thinking intently, she made what appeared to be a very angry face, which was making her targets uneasy. Once she became aware of this tendency, she was able to change it and experienced great success in both her approach and rapport-building.

Humans are generally excellent at detecting what appears to be anger or aggression, for obvious and adaptive reasons. Recent research indicates this is something that happens in babies as young as 15 months old. If you have some time, watch the video in the linked article – the baby not only quickly identifies angry behavior, but takes action to make sure he’s not a possible target. Proper threat assessment and response, in the wild.

What do you want?

You’re asking for something, whether that’s basic information or compliance. But the true nature of the question has more to do with the level of the request. In other words, someone you just met will probably not agree to help move you and your family across country. But they may be willing to engage in some light chit chat, provided you answered questions 1 and 2 above.  The level of request should be consistent with the level of relationship you have established at that point. So in the chit chat scenario if you continue to ask personal questions of your target without offering anything in return (which starts to feel less like a relationship and more like a creepy interrogation), you’ll rapidly exceed what’s appropriate and comfortable for the target.

How much time is this going to take?

Most of us have places to go and things to do. So letting the target know you are mindful and respectful of their time makes it much easier and less risky to engage with you. It provides structure (albeit usually artificial) to the situation, which will also increase comfort. We often talk about the artificial time constraint as an invaluable tool in the development of quick rapport. This is another one of those questions that doesn’t have to be answered explicitly. There are lots of ways to indicate that you don’t plan on monopolizing your target all day.

So you now have all you need to know about making a “bump”, which is the gateway to building rapport and creating influence. In a nutshell, it’s all about making your target feel as comfortable as possible by taking any sort of risk you pose out of the situation.  Although it’s taken me almost three pages to describe what has to happen, keep in mind, these four questions need to be answered almost immediately upon approach or you will be shut down.

One last thing

My final piece of advice is something you’ve heard us say time and again. Regardless of your purpose, leave people feeling better for having met you. It doesn’t cost you a thing and the return on investment can be enormous. Until next time!


Written By: Michele Fincher

As part of the newsletter group, you will be the first to receive special offers to services and products by Social-Engineer.Com.