Social Engineering

Question 1

Elicitation

Answer 1

To draw out or arrive at a conclusion. The subtle extraction of info from people

Question 2

Why elicitation works

Answer 2

• Most people want to be polite esp to strangers
• Professionals want to appear will informed and intelligent
• People who are praised will talk more and reveal more
• Most people won’t lie for the sake of lying
• Most people respond kindly to people who seem concerned about them

Question 3

Three steps for successful elitication

Answer 3

1. Be natural. talk about what you know a lot about. confidence naturalness.
2. educate your self, know what you are talking about “IT IS imperative that you not pretend you are more than you can reasonably be believe you are.”
3. Don’t be greedy (pigs get fed hogs get slaughtered).

Question 4

Preloading

Answer 4

Preload targets with info or ideas on how you want them to react to certain info. plant a seed. know your goal an plant it early. (steak example)

Question 5

key components to successful elicitor

Answer 5

• a lack of fear to talk to people and be in a situation that is not normal
• truly do care for people, even if you don’t know them
• offer advice or help only when You have a real solution
• offer non-judgmental ear for people to talk about their problems

Question 6

Appeal to someone’s ego

Answer 6

(don’t over do it), subtle is good

Question 7

*express a mutual interest

Answer 7

(warning it puts you in complete control) That mean you are controlling what information is being sent.
Get yu into longer relationship.

Question 8

*making a deliberate false statement

Answer 8

the target then corrects, it makes target feel in control and knowledgeable. Also helps in group settings highlight who in particular has this knowledge. Then you can pull full details from that person

Question 9

Volunteering information

Answer 9

this produces obligation. compels target to reply with equally useful information

Question 10

Assuming knowledge

Answer 10

if you have assumed knowledge then people will find it more acceptable to discuss the topic with you. you can present info you know and build a conversation around it. Then build the illusion you have inimate knowledge of the topic.

Question 11

alcohol

Answer 11

use alcohol. it loosens more lips. can magnify the effects. of the preceding ploys

Question 12

Use intelligent questions (types)

Answer 12

• open-ended questions
• closed-ended questions
• leading questions
• assumptive questions

Question 13

Open-ended questions

Answer 13

not yes or no questions (watch reporters) what’s wrong, the how or why questions.

Question 14

closed-ended questions

Answer 14

looking for the yes or no ( did you? is it good? What time? Where?)

Question 15

leading questions

Answer 15

often can be closed or open but are lead. the answer has been planted. lcould get people to say what you want them to say

Question 16

assumptive questions

Answer 16

where you assume that certain knowledge is already in the possession of the target. You can determine whether or not a target possesses the info that you are after by asking assumptive questions. (e.g. asking where someone lives shows how much a target knows about a person). DON”T ACCUSE of wrongdoing or use bogus info it can raise suspicion

Question 17

pitfalls to avoid with elicitation

Answer 17

• Too many questions can shut down the target, keep the targe at ease
• too few questions will make the target feel uncomfortable. make the conversation enjoyable
• ask only one question at a time. do not overflow.

Question 18

Pretextng

Answer 18

becoming someone else. getting into character

Question 19

principles for pretexting

Answer 19

• the more research the better chance of success
• involving your own personal interest will increase success
• practice dialects or expressions
• many times social engineering effort can be reduced if the phone is viewed as less important. but phone should not reduce the effort put into the social engineering gig
• the simpler the pretext the better chance of success
• the pretext should appear spontaneous
• provide a logical conclusion or follow through for the target.

Question 20

involve personal interest

Answer 20

self confidence comes from consistency. eliminate dissonance

• reduce the importance of the dissonant believes
• add mor consonant beliefs that outweight the dissonant ones
• change the dissonant belifes so they are no loner dissonant ones.

Question 21

dialects and expressions

Answer 21

practice your accents

• find native examples to learn (books like dialects for the stage)
• try speaking along with the recording you have to practice sounding like that person
• after you feel somewhat confident, record yourself speaking in that accent so you can listen to it later on and correct errors
• create a scenario and practice with you new accent with a partner
• apply your accent in public to see if people find it believable.

Question 22

keep it simple

Answer 22

more simple more success. complex lies fall apart

Question 23

looking spontaneous

Answer 23

• don’t think about how you feel
• don’t take yourself too seriously
• learn to identify what is relevant
• seek to gain experience

Question 24

Provide logical conclusion or follow-through for the target

Answer 24

people want to be told what to do.

Question 25

Legal pretexting

Answer 25

FTC limits

• pretexting in obtaining any info from bank or for bank or consumers not just financial using fraud deception ro misleading questions is illegal
• using already obtained info to verify that a target is a targe, even with false pretenses is legal, unless to get info from financial institution
• acquiring toll phone or cellular records through deceptive business practices is illegal
• it is illegal to use false statement or document to get customer info from financial institution or directly from the customer
• it is illegal to use forged counterfeit lost or stolen docst to get customer info from (financial or customer)
• it is illegal fro anyone to ask person to get someone elses customer info using fas document or statements.