Sales people are every where and arguably everyone is a salesman. These people have a product or a service that they want you to buy.
Sales People will often use pretexting to gain information about your company and what they are looking for. It is very common for sales people to do competitive research to find correct price points, or what competitors are doing. These tactics can also be used in an example such as, posing as a sales person offering security cameras. You can ask some questions about their current systems and gain some information about them. If they have some then you can pose as a customer to the vendor of those cameras to find out some of their capabilities and limitations. This role can be played like many of the other impersonation roles. You play a part and take advantage of someones need.
Sales people are very good about elicitation. Good sales people earn a living by trying to find out as quickly as possible if they have what you are looking for. Sales people will ask leading questions to try and persuade you to buy what they have to offer and limit the items that you may have to look through in order to find what you want. It is common for Sales People to listen to your wants and address the good points about their product or service that matches your needs. They will use this technique to get a better understanding of what a customer may have or what they do not have. If you are in the market for certain items this could be an especially dangerous interchange especially when your are talking about security items such as home security systems, auto security systems, or computer/network security systems.
Passive Information Gathering
Sales people have other methods for gathering information about potential customers that involve aspects of Social Engineering. They will engage in forms of passive information gathering techniques such as, looking at potential customer websites, performing Google searches on sales people, or looking at local news papers or press releases. This is a great way for them to find a target market for their products, or to to meet a potential customer’s needs. Some major companies will solicit for sales of products or services through a Request for Proposal (RFP). RFP’s can provide very specific information about a service or product that they need. These are very useful things and can even help sales people possibly frame a new service or find out what competitors are doing in their field. However, this process can reveal sensitive information about the company putting out the RFP.
Sales people or even sales engineers are given unusual access to sensitive areas while performing pre-sales work or network evaluations. They need to set things up for presentations or other “work” that needs to be done to accomplish their tasks. While some smaller companies may have a more difficult time with this, the strategy is the same. Once the sales person has gained entry to the building on officially sound business, they are granted access to inside resources enabling them to carry on further information gathering.
Sales people can be aggressive and persistent with their questioning. “Don’t take no for an answer” is sometimes their motto. Most sales people are not malicious but you can never be too careful when you are dealing with sensitive topics. To protect yourself from some questionable tactics, your should follow a few simple rules.
- Never disclose sensitive information about yourself or your company to sales people.
- Do your homework on what you are really looking for and write down specific questions that you have for the sales person. You control the conversation.
- If you are a company providing a Request for Proposal, have a non-disclosure agreement signed by prospective companies prior to giving out information about your project