Unmasking the Social Engineer: The Human Element of Security

Unmasking the Social Engineer: The Human Element of Security

English | 2014 | ISBN: 978-1118608579 | 256 Pages | PDF, EPUB | 56 MB

Learn to identify the social engineer by non-verbal behavior Unmasking the Social Engineer: The Human Element of Security focuses on combining the science of understanding non-verbal communications with the knowledge of how social engineers, scam artists and con men use these skills to build feelings of trust and rapport in their targets. The author helps readers understand how to identify and detect social engineers and scammers by analyzing their non-verbal behavior. Unmasking the Social Engineer shows how attacks work, explains nonverbal communications, and demonstrates with visuals the connection of non-verbal behavior to social engineering and scamming. Clearly combines both the practical and technical aspects of social engineering security Reveals the various dirty tricks that scammers use Pinpoints what to look for on the nonverbal side to detect the social engineer Sharing proven scientific methodology for reading, understanding, and deciphering non-verbal communications, Unmasking the Social Engineer arms readers with the knowledge needed to help protect their organizations.


Conversational Signals as a Social Engineer

There is probably no better way to summarize this section than with what Dr. Ekman said on page 202 of Human Ethology:

The student of emotional expression needs to understand the conversational signals as well. These actions occur often and if they are not recognized will confuse the study of emotional expression. The student of conversation must understand the emotional expressions if he is to disentangle them from actions that are directly guided by conversational process.

I couldn’t agree more. It is vitally important as a social engineer for you to understand these signals. These little clues can help you see if your subjects are getting the point, showing disbelief, or becoming bored. You can then adjust your approach, enhance your style, and communicate more efficiently when you see these signals.
Remember, you need to practice only three AUs: 1, 2, and 4. Make this your mantra for conversational signals: Eyebrows up, eyebrows down, nod to encourage. Practice these so that you understand how they feel and how they make you feel. Looking for these signals in others and recognizing them during conversation can help you decipher the emotions of the person you are speaking to.

Applying This Information as a Professional Social Engineer

My five-day “Social Engineering for Penetration Testers” class uses the motto “Leave them feeling better for having met you.” Our goal in the five days is to teach each student the skills to elicit personal details from someone without using manipulation tactics or making the subject feel bad. What is amazing to me are the results—not the information gathered, but the results with the students. I have had students tell me the class changed their life and taught them how to be a better husband, father, person. How is this possible? Social engineering basically means learning to be a good communicator. If you learn to be a good communicator, with a goal of leaving the people you meet and communicate with feeling better for having met you, the results can be life-altering.

But a different lesson in those five days sometimes doesn’t hit the students until the very end: Malicious social engineers employ the very same tactics.
I once interviewed Dr. Paul Zak for my podcast on … Dr. Zak does research on oxytocin, a molecule released in our brains when we feel trust, bonding, and closeness. It’s often related to breastfeeding, but Dr. Zak has found that all humans release it, often when they interact with those they love and trust.He told me a story from when he was a young man working at a gas station, and a couple of con men tricked him using a ruse called a “pigeon drop.” One day a man came into the office with a small box he said he found in the restroom that contained what appeared to be expensive jewels.

Just as Paul was deciding what to do, the phone rang. The man on the other end frantically described how he had left behind some jewels at the gas station. Paul told the man that an honest patron, standing right there, had just turned them in. The ecstatic man on the phone said he wanted to give the finder a $200 reward. Paul hung up and told the finder that the owner of the jewels wanted to give him a reward