I am learning ethical hacking and I have just started the social engineering part. As practice I was able to social engineer a girl and hack her Facebook account. Now, to be better at social engineering, what steps would you guys suggest? (I am a beginner)

First I would suggest that you don't do anything illegal ;)
Then check out master OTW's social engineering tutorials on the How To section.

Thanks bro. Sorry for late reply

Step 1: Don't do anything illegal.
Step 2: If you do, don't brag about it.
Step 3: ???
Step 4: Profit

Can't understand your 3rd step


It's all about manipulation and taking advantage of base instincts. Figure out subtle ways that you can generate trust and work with it. Learn how and when to put pressure on the target. It's a lot to do with feeling the situation out and less to do with "to get x result, do y". One big thing that you should work on if you plan on using social engineering through text on English-speaking targets is to get your English up to scratch. Having spelling errors and general non-native flaws in your English will make your attempts much more difficult. Don't get me wrong, your English is great. But it doesn't hurt to refine it.

As for the legality of your motives, I would rather not know.


Adding to this, I'd also like to point out that having confidence plays a key role in social engineering. Some of the most famous social engineers (like Kevin Mitnick) owe their success mostly to the fact that they walked in like they owned the place. To develop confidence, here is a training I developed myself:

Next time you're outside, try to stare at a random person for 2 minutes, preferably with eye contact. This will feel very uncomfortable, but it is that feeling that you need to get rid of. At this stage, you're developing confidence. The uncomfortable feeling will eventually go away. Result: you'll be more confident. If the person you've been keeping eye contact with comes up to you and asks why you're staring at him/her, just ask: "Are you [insert random name here], my old friend from elementary school?" Most likely they'll say that isn't their name. Then you should just apologize and say that you mistook him for your old friend.

Another thing I'd like to point out is the "Benjamin Franklin effect". When you ask people for a favor, they're more likely to trust you.

But keep in mind that we are a white hat site! Your morals at the moment seem a little bit against ours, so please change your path, or you'll end up in jail (or worse).


That's a nice tip to score with chicks too :D

I might lock myself up behind my computer screen most of the time, but I do know how to approach women ;).

Though staring at a woman may cause an unpleasant reaction *cough* you're staring at me, you pervert *cough*.


Yeah, I too had this problem.

I apologized to her and she understood it. Thanks bro for these great tips.

Confidence is key in social engineering, so it is very important to train it well.


While we're a white hat site, I don't feel like we should be guessing at his motives. We are not liable for what he does with the information we give him, and policing the information we do share under the guise of "it's immoral" isn't right.

That's just me, of course.

All we can do is warn him that hacking can and will carry criminal penalties with it if it's not executed in a safe environment like a virtual lab. What he does with the information is, again, up to him.


True, it is up to him. But I'd rather not see him/her ending up in jail.


Thanks bro for this explanation. And again thanks.

Just as there is no silver bullet in hacking, there is no silver bullet in social engineering. The experience varies from person to person; you will find a person who will throw a million questions your way to see if you're legit or not. You will also have people who will not question you, or very little, which will make the social engineering a lot easier.

This all depends on how you're doing your social engineering as well: whether it's in person or not in person, be it through email, messages or over the phone.

Each situation will be different, but you will have a similar approach to each situation.

You say you social engineered a girl on Facebook; I wouldn't post about that. Unless permission was given, of course.

