A big part of the social engineer’s job is to obtain the information needed to compromise their target and that can frequently mean interacting with people. Rapport is the ability to build a relationship with someone and includes such elements as mutual liking and comfort. Instant rapport is important because sometimes a social engineer’s success hinges on quickly developing a positive bond with someone so that person will feel comfortable sharing information with them. Authority is one way to get someone to share information with you but creating rapport with an individual and getting them to like you is also a very effective method that has the added benefit of hopefully leaving your target in a better mood than you found them. This means they won’t question their actions later and your social engineering will stay undiscovered. Many of the below communication tips are just as effective on the phone or via email as they are in-person.
10 Steps to Developing Rapport
For the professional social engineer/pentester, quickly establishing rapport is essential. Listed below are 10 steps to develop rapport.
Establish Artificial Time Constraints
Time is valuable to us and as such, we respond positively when someone demonstrates a respect for the value of our time, often by promising not to take too much of it. Social engineers might state this explicitly, “This will only take a moment,” or they might do so with nonverbal cues such as angling their body towards the door instead of the person and glancing quickly at their watch before speaking.
Unless you approach and speak to the person’s back, your nonverbals are already communicating with the person before you open your mouth. Accommodating nonverbals communicate that you are friendly, relaxed and not a threat. Consider what message your body language is giving before you even speak.
Using the context of your pretext, your target, and the environment in which you will be interacting, it is important to consider RSVP (rhythm, speed, volume, and pitch) when talking with your target. Modulating the speed at which you speak is just as important as the tone and volume at which you are speaking.
Sympathy or Assistance Themes
Social engineers have found it is a reliable general rule that people like to be helpful. Using the other points listed here, such as artificial time constraints, asking someone to help you is a simple and effective way to elicit their assistance.
Another reliable human trait is that people like to be right. One technique for helping someone feel more open to your requests is to suspend your ego so the target does not view you as a threat to their own. This means not correcting them or sharing your “greater” knowledge but instead saying, “I don’t know” or just listening attentively to them when they talk.
One way to get people to like you is to make them feel that you liked them first. People respond well to others who demonstrate they value or respect the person by giving the person their time and attention. Two ways to do this are to compliment them or simply listen and then validate what they have said.
Ask … How? When? Why?
Asking How, When, or Why means you are encouraging your target to provide more information instead of giving you a shorter Yes or No answer. Open-ended questions and not immediately filling the silence by talking are two methods to increase a person’s communication with you.
Connect with Quid Pro Quo
Essentially, if you give a little information first or participant in an exchange of information, many people will give a little back. We say “little information” because your target isn’t likely to want to hear a perfect stranger’s life story. However, a normal conversation with a friend will include a back-and-forth exchange of bits of information and it is this element you want to mimic.
This technique is similar to the last point, in that you are giving something in order to get something back. Keep in mind the gift doesn’t have to be concrete but it does have to have value to the recipient.
It’s important to manage your expectations for any engagement. If you become too wrapped up in success you may not realize when to walk away, whether the reason is because something is working well or because it isn’t working at all. Social-Engineer.org believes in leaving our targets feeling better for having met us, so this is also our focus when we are developing rapport or eliciting information.