Hello, hackers and engineers! Today we are going to dive a tiny bit deeper into the secrets of psychology, and how we can use them with hacking and social engineering attacks.
For those of you who haven't looked at any of my other social engineering tutorials, I always tell people the same thing about it. The goal is to make the other person think that you can be trusted, and that you have more power than them. From that position you can gain access to unauthorized information more easily than if you were to hack the system technically.
In this tutorial I am going to show you a few tips and tricks to gain a bit more trust from your target. We all know that going in and asking someone for their social security number won't work, so we must carve a path for ourselves.
In this first step we are going to discuss some key words to help you get past a basic authorization. I am going to use examples from my previous knowledge, and research from experiments. Below I am going to list some key words and how they are used in social engineering attacks.
- "Because" rule
A lot of people don't know about this rule, or underestimate its power. I have used this rule countless times to cut down questioning, and skip lines. This rule means that if we follow a request with the word "because" and a reason, even a meaningless one, the target tends to assume we have a valid reason for what we are asking. Here is an example of the rule being used to cut in front of a Burger King line.
Without the "because" rule:
(Person standing in line)
"Excuse me, can I please get to the front of the line real fast?"
"No, you gotta wait like everyone else."
As you can see here, the employee sees our attempt to cut the line and refuses. However, if we add the "because" rule, there is a good chance that the employee will allow us to skip.
With the "because" rule:
(Person standing in line)
"Excuse me, can I please get to the front of the line real fast because I am in a rush and I'm going to a meeting?"
It is likely that from here the employee will understand our position and let us get to the front of the line.
As you can see in this example, using key words is extremely important in pulling off a social engineering attack. In the next step we are going to talk about confidence and how you can practice gaining it during attacks.
The key to any social engineering attack is confidence. Professional social engineers will even say that the key to their success was walking into a place like they owned it. In this section I am going to show you ways to practice your confidence and how you can use it in your attacks.
Practicing is key. You should be comfortable looking into the eyes of other people, not squirmy or unconfident. We can practice this on our local train station platform or any other crowded area.
I practice by looking into the eyes of a stranger for as long as possible. This is usually very uncomfortable, and it should be. The goal of this practice is to be more comfortable with strangers. If the stranger you are staring at confronts you just tell them you thought you knew them.
You must be comfortable and confident in all of your attacks. Practice this a lot. You can also practice through phone calls and face to face conversations with strangers. In this next step we are going to talk about resources to learn more about social engineering.
Personally I know how hard it is to find useful and productive resources. Below I am going to link my favorite books, tutorials, etc. that will help you through your social engineering struggles.
Social Engineering, The Art of Human Hacking by Christopher Hadnagy & Paul Wilson
This book is fantastic in my opinion. It shows you examples, practices, and walks you through everything you need to be a professional social engineer. It's around 30 bucks and in my opinion it's worth all of the money.
My favorite website by far is http://www.social-engineer.org. This website was designed as a catalog for professionals to kickstart their career with resources, tutorials, and info.
Some other useful websites are:
So you've learned some useful tips and tricks on social engineering and psychology. I encourage my readers to take this information and do something amazing with it. Build up your security but never let your trust lose you. If you have any suggestions or concerns, feel free to put them down in the comment section. Thanks again, Cameron.