Be The Change – Education, is it working?
An article from Dark Reading came out earlier this month that is still getting a lot of traction in the news. What’s the big band wagon that everyone is scrambling to jump on? It’s simple. Train employees on social engineering tactics. The article points out that more than half of security professionals say that social engineering tactics work so well because employees are not educated enough to…
Victory Nonverbal
Social engineers and psychologists may specialize in recognizing nonverbal cues but they have never won a Super Bowl with their skills. Richard Sherman and the Seattle Seahawks secondary did exactly that. By decoding some of the hand signals Peyton Manning used in Super Bowl XLVIII to communicate with his receivers, the Seahawks gained an advantage over the Bronco's offense. Sherman admitted he…
Maltego
Maltego is an open source intelligence and forensics application. Some consider Maltego an open source intelligence (OSINT) tool. It offers an interface for mining and gathering of information in a easy to understand format. Coupled with its graphing libraries, Maltego allows you to identify key relationships between information and identify previously unknown relationships between them.
What…
Cameras
Cameras can be a useful tool for social engineers when it is necessary to capture information quickly. Often it is faster to take a simple picture of information then it would be to write it down. The ability of most cameras to record video is also useful for this purpose. Items to look for in a social engineering camera are the ability to take photographs in a non-obvious manner. This requires…
Commitment and Consistency
Commitment and Consistency has potential implications of use for both the attacker and victim in scenarios regarding Social Engineering.
Definition
“People have a general desire to appear consistent in their behavior. People generally also value consistency in others. Compliance professionals can exploit the desire to be consistent by having someone make an initial, often small, commitment.…
Instant Rapport
Instant rapport is important because sometimes a social engineer’s success hinges on quickly developing a positive bond, so that the person will feel comfortable sharing information. Indeed, a big part of the social engineer’s job is obtaining information needed to compromise their target. This frequently means interacting with people. Therefore, the ability to create rapport, or in other words,…
Interview and Interrogation
These two areas are jumbled together more in real life than on TV. In spite of what people do, here are some basic facts to remember during an interview or interrogation session.
You can’t really tell if someone is lying, all you can do is note the topics that the subject shows stress during and investigate those areas further.
All subjects have stress during this process so baselining…
Successful Pretexting
A solid pretext can be the difference between success and failure to a social engineer. Research, information gathering and planning are all key parts of successful pretexting.
Looking the Part
Again simple is better. But, never-the-less, it's important to look the part. For example, if pretexting as a sales person, it's important to dress the part, and even have a sales contract or two.…