Social Engineering Big Security Problem

5 replies [Last post]
supergate's picture
Joined: 2008/07/20

Some people get the wrong impression of social engineering. They say that it is lying. Yes it is pretty much lying, however I would like to try to distinguish the difference between lying and social enginieering. Which means that we get to learn something new today! how about that?

For the most part, when someone lies, they tipically do what? LIE from the top of their head without putting thought into it. Most of the time when they do that, the person they are lying to will either know that they are being lied to. Or will eventually find out that they were lied to. Most of the time someone who lies to someone will make up stupid non-intellectual comment or thought that majority of the time, will be picked up right off of the bat, kind of like trying to use the new sub7's now. So as for lying, it never requires much thought.

On social engineering on the other hand, requires much more thought then just flat out lying. When you social engineer someone, you have to tipically put a lot of thinking into how you can go about it with out being caught. Most social engineers ALWAYS do their research on the person they plan to social engineer. One of the reasons that I think people should do this would be this: They will not studer like a lier because all of there thoughts have been previously planned out. They can also retaliate with answers and questions much faster and with ease.

Some things to research on while trying to social engineer somebody would be the following:
1. learn how their business operates.
2. learn a little bit about the person you are engineering.
3. learn what correct answers and questions are to say or ask.
4. plan what you are going to say and also plan a back up statement or question to save your ass.
5. learn what is apropriate and what is not. (e.x. learn what would be the best clothing to wear, or what kind of accent you will need, ect).
Also note that sometimes being in person while engineering isn't the best of things to do at certain times. Sometimes it is best to just lay off or to do things by phone or threw internet where they can't see your facial expressions.

I hope that this has cleared the differences between the two subjects. If not please feel free to messange me and I can throw in some examples.

There is are always a way around a problem, the true problem however is that you have to find it