The Top 10 Social Engineering Tips We Learn From Con Men
Victor Lustig is, perhaps, one of the greatest known con-men of our time. Born January 4, 1890 in, what is now known as the Czech Republic, Victor was best known for trying to sell the Eiffel Tower, not once, but twice. His scams were widely varied, but always highly successful. Extremely charming and fluent in multiple languages, Victor employed a lot of similar tactics as social engineers do today. What we know about rapport, thanks to folks such as Robin Dreeke, was used masterfully by Victor throughout his illustrious career.
In 1925, Victor traveled to Paris to achieve, what some call, his best scam.The Eiffel Tower, during this time, was in disrepair and needed some serious attention. Victor forged credentials and posed as the Deputy Director General of the Ministère de Postes et Télégraphes. He then arranged meetings with French scrap dealers and pitched the idea that the city was looking to sell the tower for scraps. One of the dealers bought the scam hook, line, and sinker. The dealer put down a deposit to be the one who tears down the tower. When the scrap dealer went to the city to claim his bounty, he quickly realized he had been duped. By this point, Victor was long gone. Having a love for the con, Victor couldn’t help himself and returned to Paris one month later, gathered another group of scrap dealers, and tried the scam again! This time, the dealers were suspicious and went to the police. Victor narrowly escaped the country.
One of Victor’s trademark scams is a scam known as the money box scheme. Victor prepared a box which he claimed would copy and print $100 bills every six hours. He would demonstrate the box’s ability to his targets showing them that, indeed, the box would spit out $100 bills every six hours. Realizing the monumental profits possible with such a machine, greedy marks happily handed over as much as $30,000 per machine. As it turned out, the machine was preloaded with a couple real $100 bills which it would spit out on the designated interval. The only problem was, after producing two bills after twelve hours, the machine ran out of the real money and only produced blank paper. By the time his targets realized they had been scammed, Victor was long gone.
Victor Lustig used his charm and charisma to brazenly extract $5,000 from Al Capone. He first convinced Capone to invest $50,000. Instead of investing, Victor placed Capone’s money in a safe for two months. After the two month period, Victor returned the money to Capone claiming the deal had fallen through. Capone was pleased with Victor’s integrity and awarded him $5,000 which is all Victor wanted in the first place. Victor did not steal from Al Capone, but by convincing Capone that he was a stand-up guy, he was rewarded for his character. Brilliant.
We can learn a lot from Victor Lustig and men like him. Victor passed away in 1947, but left a list of ten instructions on how to be a con-man dubbed, the “Ten Commandments for Con Men”.
Here are Victor’s Ten Commandments with some social engineering twist for each one.
-
- Be a patient listener (it is this, not fast talking, that gets a con man his coups). This ties in well with the idea of active listening. A social engineer who is too quick to want to get to the goal will leave the target feeling used or cheap… never a good idea if you need them. Building rapport takes time and showing care and concern.
- Never look bored. This ties in well with the first point. If we are actively listening then we don’t look bored. This means we avoid looking at our watch, looking through or past the target and especially we watch our body language. We want to make sure our hips and feet face the target. If we don’t, it can give the impression that we are not interested.
- Wait for the other person to reveal any political opinions, then agree with them. This is a good point, once we say something, taking it back is very hard to darn near impossible to do. If we wait for the target to reveal their belief system then agree, we build rapport and join their frame. Doing so can make a world of difference in building that ever needed rapport.
- Let the other person reveal religious views, then have the same ones. Basically the same point as above… wait and then make them similar, not exactly alike. Be cautious to not be so similar it is as if you are parroting them, that can turn some people off.
- Hint at sex talk, but don’t follow it up unless the other person shows a strong interest. Personally, I do not subscribe to this method in social engineering engagements. If we think about the goal of an SE Engagement is to educate, protect and secure… leaving a target feeling cheap and worthless does more damage than good. That is my personal view, but I can also see how in a con, this would be very effective.
- Never discuss illness, unless some special concern is shown.You never know a person’s disgust factor. Describing some illness you have, or are feigning, could work (if it is a disability), but sickness will, at times, make a person not want to be near you for fear of “catching it”.
- Never pry into a person’s personal circumstances (they’ll tell you all eventually). Getting too personal before rapport is built can sever any chance you have at building rapport.
- Never boast – just let your importance be quietly obvious.This point is amazing – Robin Dreeke puts it like this, “Ego Suspension”. If we can suspend our ego’s, we attract people to us. We appear more open and pliable. Arrogance closes doors and irritates people. If this was a pie chart, I would say that there is a 1% to 3% period of time that the angry, upset, and arrogance pretext works. More often than not, it is better to be the humble, friendly rapport builder.
- Never be untidy. Back in Victor’s time, styles were more neat and tidy. This meant that someone who looked unitdy was obviously a vagabond (or vagrant). Well, that is not the case anymore, but this is still a great point. Sloppy, messy clothes or hair, or even bad breath, can throw a person off to the extent that they will not work with you or comply with your requests. Dangerous.
- Never get drunk. Chris actually talks about this in his book. Alcohol lowers inhibition and makes people less likely to think appropiately. As a target, this is good for the social engineer, but as the social engineer, it is never good to lose control of your thought process. Maintaining that control and balance can make the difference between success and failure.
As social engineers, we often play the role of a con man and what better way to learn than from one of the greats! For a modern day example, check out the latest blog post on Social-Engineer.org about modern day con man, Steve Comisar.
Written by: Eric Maxwell & Chris Hadnagy