Social Engineering: Captain Hindsight

“Do you have any idea what a curse it is to have perfect 20/20 hindsight? As soon as something bad happens, I immediately know how it could have been avoided. I can’t take it anymore!” ~ Captain Hindsight, South Park.

To me, humans fall into two categories: Those who want to help and those who don’t want to be bothered. Now, when I use the words “want to help,” that doesn’t mean they are good people. No, in fact, that could indicate the exact opposite.

Think of it in the context of a Zelda video game. In the game, Link, the protagonist, wants to save Zelda from the clutches of Ganon, the antagonist. Now, the perspective is forced in the game; we only view things from one side – that’s how we can identify who the protagonist is and who the antagonist is. It’s just one narrative.

Now, picture the game from the opposite viewpoint: Ganon, the protagonist, is trying to keep Zelda away from Link, the antagonist. Here, the labels (protagonist and antagonist) have switched; the story, and therefore the perspective, has as well.

Where does Zelda stand in all of this? She’s the one that doesn’t want to be bothered. From either perspective (Ganon’s or Link’s), Zelda is the one who is ultimately inconvenienced by the whole thing. She was trying to rule a kingdom and didn’t want to deal with any of this.

So why is this important? It’s important because to be good at social engineering, you need to be not only able to identify what type of person the target is, but also their motivation.

Social engineering works because people allow it to work. If everyone fell into the category of “doesn’t want to be bothered,” then all social engineering attempts would drop into (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Chris Stephen. Read the original post at: https://threatvector.cylance.com/en_us/home/social-engineering-captain-hindsight.html