Hello, hackers and engineers! Today we are going to dive a tiny bit deeper into the secrets of psychology, and how we can use them with hacking and social engineering attacks.
For those of you that haven't looked at any of my other social engineering tutorials, I always tell people the same thing about it. The goal is to make the other person think that you can be trusted, and that you have more power than them. From that position you can gain access to unauthorized information easier than if you were to hack the system technically.
In this tutorial I am going to show you a few tips and tricks to gain a bit more trust from your target. We all know that going in and asking someone for their social security number won't work, so we must carve a path for ourselves.
Step 1: Key Words
In this first step we are going to discuss some key words to help you get past a basic authorization. I am going to use examples from my previous knowledge, and research from experiments. Below I am going to list some key words and how they are used in social engineering attacks.
- "Because" rule
A lot of people don't know about this rule, or underestimate it's power. I have used this rule countless times to cut down questioning, and skip lines. This rule means that if we use the word "because" after a statement with a meaningless reason, we can allow our target to assume we have a reason for doing things. Here is an example of the rule being used to cut in front of a Burger King line.
Without the "because" rule:
(Person standing in line)
"Excuse me can I please get to the front of the line real fast?"
"No, you gotta wait like everyone else."
As you can see here, the employee sees our attempt to cut the line and refuses. However, if we add the "because" rule, there is a good chance that the employee will allow us to skip.
With the "because rule:
(Person standing in line)
"Excuse me can I please get to the front of the line real fast because I am in a rush and i'm going to a meeting?"
It is likely that from here the employee will understand our position and let us get to the front of the line.
As you can see in this example, using key words is extremely important in pulling off a social engineering attack. In the next step we are going to talk about confidence and how you can practice gaining it during attacks.
Step 2: Confidence
The key to any social engineering attack is confidence. Professional social engineers will even say that the key to their success was walking into a place like they owned it. In this section I am going to show you ways to practice your confidence and how you can use it in your attacks.
Practicing is key. You should be comfortable looking into the eyes of other people, not squirmy or unconfident. We can practice this on our local train station platform or any other crowded area.
I practice by looking into the eyes of a stranger for as long as possible. This is usually very uncomfortable, and it should be. The goal of this practice is to be more comfortable with strangers. If the stranger you are staring at confronts you just tell them you thought you knew them.
You must be comfortable and confident in all of your attacks. Practice this a lot. You can also practice through phone calls and face to face conversations with strangers. In this next step we are going to talk about resources to learn more about social engineering.
Step 3: Best Resources
Personally I know how hard it is to find useful and productive resources. Below I am going to link my favorite books, tutorials, etc. that will help you through your social engineering struggles.
Favorite book:
Social Engineering, The Art of Human Hacking by Christopher Hadnagy & Paul Wilson
This book is fantastic in my opinion. It shows you examples, practices, and walks you through everything you need to be a professional social engineer. It's around 30 bucks and in my opinion it's worth all of the money.
Favorite Website:
My favorite website by far is http://www.social-engineer.org. This website was designed as a catalog for professionals to kickstart their career with resources, tutorials, and info.
Some other useful websites are:
http://www.socialengineered.net
Step 4: Conclusion
So you've learned some useful tips and tricks on social engineering and psychology. I encourage my readers to take this information and do something amazing with it. Build up your security but never let your trust lose you. If you have any suggestions or concerns, feel free to put them down in the comment section. Thanks again, Cameron.
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
11 Comments
Richard Wiseman has once conducted a show about Social Engineering. I found it pretty amazing, he also pushes the "Because" to the limits.
wow! Sounds very interesting...do you have a link?
It's called "People Watchers", I found most of the series on YT, can't look for it right now. He's also written many books, wikipedia says all about him.
nice one once again sir
Thanks for the post! I recently got a book 'Influence: the psychology of persuasion' by Robert B. Cialdini. The author discusses influencing people in the context of six core principles that he decided upon after, seemingly, years of research, and experimentation. Those being: consistency, reciprocation, social proof, authority, liking and scarcity. It's well worth a read.
Indeed. Here's a cool fact I didn't include in the article but it might interest you:
When you ask somebody for a favor, they will actually end up liking you more.
nice! I see what you mean. It shows a level of dependence and trust aye?
That reminds me of something from that book. According to it, if you pay someone a compliment, it doesn't matter whether you mean it or not, and it doesn't even matter if the person knows you don't mean it, they can't help but feel complimented and supposedly like you more also. I have no personal experience of this working, however, and I can't remember if it's had this affect on me in the past, but this stuff is fascinating! Cheers for the links also.
I read that too. It's a very useful book.
That technique you said actually works everyday: in a work or school experience so many people compliment without meaning it, with their first reason being making you feel better.
Indeed. Studies have shown that if you give someone a small gesture before asking them a favor, they are more likely to accept your favor, therefore giving you what you want. Pretty cool, huh.
amazing post :D thanks!
Share Your Thoughts