Key Elements Of SE'ing



The Attributes That Every Social Engineer Must Have.

There's no doubt that social engineering has expanded over the last decade or so, whereby as It stands at the time of writing, It Involves a lot more than just SEing someone for their personal Information, or Infecting their PC with malware by tricking them Into clicking on an Innocent-looking link. A new and sophisticated breed of SEing has evolved over time, namely exploiting companies on every scale- be It online or physically In person, Is of equal significance. Whether It's a huge organization such as Logitech or the small health food store at your local mall, makes no difference whatsoever.

How It generally works, Is like this. The social engineer will purchase an Item with the Intention to obtain a refund or replacement, without sending his Item back. He'll then research their terms and conditions to Identify any loopholes, as well as gather Information about their warranty, replacement and return policy. Once that's done, he will prepare his method based on his (researched) findings, execute his attack and manipulate the representative Into Issuing a replacement Item, or crediting his account for a full refund. Evidently there's a lot more to It, but for the purpose of this article, I've provided a simple example of how the SE operates.

This may seem like an easy task with minimal hassle but believe me, It takes an exceptional set of skills to get the job done without fail- particularly when dealing with Investigations, police reports requested, or the rep continues to try and decline the claim. As a result, the social engineer must have certain attributes to ensure the SE results In a successful outcome. Such attributes Include: "confidence", "being In control" and "decision-making".

All these elements run In order of priority. For example, when you have "confidence" you'll "be In control" of the SE. Once that's established, It will help your "decision-making" to finalize the SE In your favor. Makes perfect sense, yes? Good. As an SE'er yourself, It's of paramount Importance to have these because without any or all of them, It's not possible for the SE to run smoothly from start to finish. So let's have a look at these attributes In detail, starting off with "confidence".

Must Have Confidence When SEing:

Without a shadow of a doubt, this Is the most crucial commodity In the world of social engineering, and those who've been In the scene for many years, will know exactly why It's an Integral part of every SE'er. If you have a very low level of confidence or lack It In Its entirety, you may as well forget about social engineering altogether and pursue another form of Interest. You see, In order to SE a given person Into doing something that they're not supposed to do, It requires a high degree of manipulative skills to get them to perform their actions successfully. If you don't have the confidence to do this, "your train of thought will be Interrupted", thus cause you to "lose direction" and totally mess up the task your aiming to achieve.

For Instance, have you ever physically attended a job Interview and upon exiting the building, you thought to yourself: "I should've answered his questions differently" or perhaps you were quite nervous resulting In taking a number deep breaths along the way?  I'd say your answer Is "Yes" to either or both of these! "Confidence Is all about believing In yourself" and as such, you would've responded to all questions accordingly, and your anxiety level would have been down to a minimum. Social engineering Is no different- "If you have faith In yourself and believe In your abilities, then failure Is not an option". The SE will go your way on every occasion.

So how do you develop confidence, to the point of feeling secure In knowing that you're well and truly able to social engineer anyone on any scale? Well, there are no hard and fast rules and to be honest, It all comes down to personal experience. There Is however, one very Important factor that I'd like you to take on board with every SE, and that Is: "Never go In with a negative attitude"- period! The moment you do, your SE has failed before It had the chance to begin. Always, and I mean "always" have a positive outlook and never think that the entity you're planning to SE Is difficult- because they're not. Everyone can be SEd, It's just a matter of how confident you are In your abilities as an SE'er.

Being In Control Of The SE:

Generally speaking, when you social engineer a huge company to the likes of Amazon or Logitech with the Intention of getting a refund, every representative you speak to or get In contact with, will call the shots by telling you how your claim will be handed. Because they have certain protocols to follow, this Is standard practice, but this means that you're dancing to their tune (so to speak) and "allowing them to dictate the progression of your claim". In other words, "the representative has the upper hand with your entire SE" and as a result, determines whether your refund Is approved. If you sit back and let this happen (and suspicion Is detected), then your SE Is destined to fail. It's Imperative that you "reverse the role by being In control right from the get-go".

As you're well aware, SEing Is all about "manipulation" and to execute this effectively and also maintain It throughout your attack, "you MUST be In control", there's no Ifs or buts about It. To this day, I come across so many SE'ers who research their target constructively, formulate their method flawlessly, and execute the attack perfectly- only to find themselves requesting assistance on an Internet forum for days on end. If they took command of the SE Immediately after the execution, and dominated the conversation all the way through to the end, there's no reason to ask for help at any point In time. The SE would've succeeded before they had the chance to hit the send button when creating a thread. The message Is pretty clear-  "be In control and don't take 'no' for an answer". It's as simple as that.

The Vital Role Of Decision-Making:

Once you have all the "confidence" In the world, thereby you "take control" of your SE by manipulating a given representative to comply with your requests, you'll find that your "decision-making" will be second nature. You will no longer be In a scenario of thinking about what to say, and how to say It. That's because everything will be based on your terms and not the company's rep and as such, you'll react Instinctively to all events during the course of your SE. This Is due to being "confident" and "In control" of all circumstances surrounding your claim. But what happens If you lack In confidence and you're not In control?  Allow me to provide a simple example as follows.

It's all good when you're communicating via email- you have ample time to read & respond to messages, hence can think of the most appropriate reply at your leisure, but the same can't be said when chatting over the phone. This Is real-time conversation, whereby all discussions between yourself and the rep are Instant and anything you say, cannot be taken back. If you're hesitant and Indecisive about how to respond, It will lead your SE In a different direction, and that's most likely heading towards a negative outcome. All It takes Is a single error In judgment, and you may find that you'll terminate your SE way before It was due to finalize. Thankfully, and given that you're at the final stage of this article, this Is not part of who you are!

In Conclusion:

I've personally experienced all types of social engineering attack vectors, as well as having to (Initially) deal with the most stubborn representatives who refused to hear me out and If I didn't have the "confidence" to begin with, nor took "control" at the start of the SE, then without question, It would have ultimately failed. As already stated, always social engineer with a positive attitude by dismissing all negativity, and through experience of SEing companies of all shapes and sizes, you will formulate the perfect Ingredients to ensure that "confidence", "being In control" and the "correct decision-making" will be a part of your social engineering toolkit. As a result, failure Is not In your vocabulary.







Comments


Popular Social Engineering Posts