Social-Engineer Newsletter Vol 08 – Issue 112

Social Engineering Can Make You a Better Person

When social engineering makes the headlines, it is generally as a negative term where S.E. principles are used to initiate, perpetuate, or assist a large hack that exfiltrates data or distributes ransomware. With headlines like “Social engineering at the heart of critical infrastructure attack” and “Iranian phishers bypass 2fa protection offered by Yahoo Mail and Gmail,” it is easy to see how the term has developed negative connotation . However, here at SECOM and SEORG we utilize social engineering with the goal to “leave others better for having met [us]” while employing, practicing, and curating strong social engineering skillsets. Here, we discussed whether all social engineers are bad people and, though people rarely fall cleanly into the category of “good” or “bad,” this conversation is constantly being debated.

Almost a year ago, I made my newsletter debut examining how SE skills could be used in everyday life. Since then, I look for opportunities to practice my craft, improve my abilities, and be a stronger SE whenever I can. After reflecting on this last year, I can absolutely say that social engineering makes me a better person, and if you choose to social engineer as a white hat, it can make you one too.

How Social Engineering Can Make You a Better Person

As social engineers, we must quickly build rapport with our targets, maintain that rapport, and accomplish our goals without being burnt. We do this via email through phishing, phone calls through vishing, and in person via impersonation. As white hat social engineers, the skills needed to accomplish these goals effectively range from utilizing Dr. Robert Cialdini’s influence principles to awareness of vocal tone, body language, and facial expressions. Let’s examine some of the positive skills social engineering can foster:

  • Reciprocity – the reciprocity principle indicates that people will want to return something, a gift, favor, information, etc., that they are given in equal or greater value. However, it is important to remember that the recipient determines the value of what they have received. To effectively use this, an SE must remember that the target needs to value whatever they are given. In personal life, this causes us to think more about what others value over what we may value. This makes us more conscientious and encourages us to prioritize the other person.
  • Awareness of others – in the field, SEs are constantly looking to pick up queues from their targets. What internal jargon do they use? How do they speak? What is their body during the interaction? Do they seem like they want to get away? Are they in a rush? This has caused me, when meeting new people, to study how they are speaking and attempt neutrality until I understand how to communicate most effectively to the person I am speaking with. Additionally, I pay attention to how they are behaving, whether they seem like they need to go, and respect their boundaries. This creates a safe space for the people you interact with.
  • Speaking less and listening more – As an SE, we are usually on the hunt for information. It is challenging to get information out of someone if you’re the one doing all the talking. At home, I employ reflective questioning and allow my friends and family to get more speaking time and work to truly listen to the information they are sharing. People appreciate when they feel heard. This will strengthen your interpersonal relationships and improve your conversation skills.
  • Empathy – you never know where the other person in the conversation is coming from. They could have just gotten rough news, missed breakfast, or not had enough sleep the night before. While listening, really work to understand the perspective the individual is coming from and assume positive intent. Figuring out where a person is coming from and how they may feel connects you more closely to others.
  • Patience – Jumping into an engagement too hard too fast throws your targets off. In my day-to-day life, I have a tendency to want answers RIGHT NOW. However, the value of waiting for others to get on the same page cannot be stressed enough. I am now far more inclined to lay the foundations of a conversation and then wait for the other party to address topics when they are ready.
Social Engineering can make you a Better Person

Great resources to build social engineering and life skills

If you want to practice these skills in your daily life, as well as your career, here are some great resources to start with:

  • The Social-Engineer Podcast hosts great guests who explain unique skill sets and tools that are used in both life and social engineering.

The intention with which you take an action can determine the quality of that action and, broadly, whether it is “good” or “bad.” Should you use your social engineering skills to exploit individuals for your own personal gain, that action is not good. However, by practicing the skillsets of strong social engineers while attempting to leave others better for having met you, you may inadvertently realize you have grown into a better version of yourself. Social engineering can make you a better person, and I challenge you to look for opportunities to practice these skills for the benefit of others in this new year. If you are curious about how to S.E. for good, check out the Social Engineering Code of Ethics. I hope you see yourself grow in the process!

Be secure and be kind,

Written By: Cat Murdock
Twitter: @catmurd0ck

Sources:

https://www.social-engineer.com/are-all-social-engineers-bad/
https://www.computerweekly.com/news/252454369/Social-engineering-at-the-heart-of-critical-infrastructure-attack

https://arstechnica.com/information-technology/2018/12/iranian-phishers-bypass-2fa-protections-offered-by-yahoo-mail-and-gmail/
https://www.influenceatwork.com/principles-of-persuasion/
https://www.social-engineer.org/newsletter/social-engineer-newsletter-vol-08-issue-101/
https://www.social-engineer.org/newsletter/social-engineer-newsletter-vol-08-issue-103/
https://www.social-engineer.org/framework/general-discussion/code-of-ethics/

Image: https://twitter.com/tim_fargo/status/628552609360683008

The post Social-Engineer Newsletter Vol 08 – Issue 112 appeared first on Security Through Education.



*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by SEORG. Read the original post at: https://www.social-engineer.org/newsletter/social-engineer-newsletter-vol-08-issue-112/