Social Media Week Berlin talk from Sept. 23, 2013.
Want to learn more about the dark art of social engineering? Wish you could peek behind the curtain and get a look at how hackers and mentalists seem to be one step ahead of the rest of us? Wondering how you could be like them?
This talk dispels the myth and mystery of social engineering and explains how you can actually start doing it yourself. We start by looking at its history and building a basic knowledge of the core principles of this sly art. Then, we explore the social engineer’s toolkit and walk through a concrete example to unpack the 5 steps to engineering a tricky situation we all encounter at work. Finally, we wrap up by pinpointing what it takes to succeed as a social engineer and reviewing some take-home assignments everyone can try. And for those who know that you’re either playing the game or being played, I welcomed challenges during the Q&A.
If you've avoided creating social media profiles because you were hoping it was a passing fad or if you created them but have no idea what to do now, this presentation is for you. You'll learn the essentials you need to optimize social media for business and personal use and control the digital fingerprints you leave behind.
Learner objectives:
- Understand the difference between different social media platforms.
- Learn what content is best to post and share on each platform.
- Identify best practices for professional and personal use.
For more business-friendly advice, especially for admins and event planners, visit http://planyourmeetings.com. Like what you see? Subscriptions are free!
Social Media: Your Secret Weapon in Combating Negative Feedback
Bonnie Southcott
Wondering how to combat negative feedback online? Here's a look at what happens when a company learns the hard way. It's the story of United Airlines and Dave Carroll's "United Breaks Guitars." Presented at Social Media Conference Northwest in March, 2010. (Statistics included in presentation notes.)
Congrats! You're being social. Now what?
Managing multiple profiles can be overwhelming and more than a little intimidating. If you're not seeing any return on the time you're spending on social platforms or if you're not sure of next steps, this session is for you. You'll learn about tools that will help you minimize the amount of time you're spending on social media, while maximizing the size and engagement level of your audience.
This presentation was originally created for the 2015 IAAP Georgia-Alabama Branch Event.
For more business advice, best practices and time-management tips, visit http://planyourmeetings.com. Like what you see? Subscriptions are free.
This slide gives a brief description of social engineering, its classification, attack environment and various impersonation scenarios, which will give the audience a sound knowledge of social engineering techniques.
Insiders Guide to Social Engineering - End-Users are the Weakest Link
Richard Common
This book is your guide to helping you detect and prevent social engineering attacks, and to better understand how to defend your company from what has grown to become the dominant global cyber threat.
Social engineering 101 or The Art of How You Got Owned by That Random Stranger
Steven Hatfield
This covers the basics of Social Engineering, different attack vectors that have worked with real world examples from friends currently conducting such tests, provide different sources to gather information on this topic, and present ways to prevent such attacks from happening in the future.
For years security professionals have been telling us not to follow links or open attachments from untrusted sources, not to click “Ignore” on your browser’s security pop-ups, and not to insert untrusted thumb drives into your USB ports. Do you want to see what can happen with your own eyes? This lunch hour session will show you how to download, install, configure, and use the basic features of Dave Kennedy’s open source hacker tool, the Social Engineering Toolkit.
CNIT 123: Ch 4: Footprinting and Social Engineering
Sam Bowne
Slides for a college course based on "Hands-On Ethical Hacking and Network Defense, Second Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 1133935613
Teacher: Sam Bowne
Website: https://samsclass.info/123/123_F16.shtml
Social Engineering: the Bad, Better, and Best Incident Response Plans
Rob Ragan
One of today's most challenging security issues is social engineering defense. Despite evidence proving the impact of a social engineering attack, we often see inadequate incident response plans in place. In this talk, we will share our experiences about what organizations are doing when (or, more commonly, if) they detect an attack, steps to strengthen the social engineering defensive strategy, and what best practices to enforce for the strongest possible security posture.
UW School of Medicine Social Engineering and Phishing Awareness
Nicholas Davis
An IT Security presentation I created for faculty and staff of the UW-Madison, School of Medicine, about how to recognize and defend against the threats of complex Phishing and Social Engineering, to protect sensitive digital information.
Social engineering is never considered a serious attack vector. This presentation will show how it can be used even to bypass 2-factor authentication.
Understand Social Engineering from a new perspective, beyond the conventional understanding that we have, and learn how we use it in social development and in securing the weakest link in cybersecurity.
An introductory session about Social Engineering presented at ICT Nuggets Forum - Khartoum, organized by Duko team. We talked about what social engineering is, terms related to it, and how attacks can be carried out. We also told a lot of stories about successful social engineering attacks and how much damage they did. Finally we talked about how to protect yourself and your company from social engineering attacks.
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
Rob Ragan
The weakest link in the security chain is often between the keyboard and the chair. People are a problem. We have a natural instinct as humans to trust someone's word. Although various technical means have been developed to cope with security threats, human factors have been comparatively neglected.
Once you put a human in a security chain, you have a weakness. That problem should be addressed by security practitioners, not every member of an organization. Very few would disagree that social engineering is the most common and least challenging way to compromise an organization, but most accept the notion that there isn't much they can do about it. False!
This talk will focus on the psychological, technical, and physical involvement of social engineering, and also look at how we can remove the human element of the human problem. We will explore what organizations are doing wrong, also the processes and technical controls that can be put in place to achieve a strong social engineering defense.
We'll template a solution that can be customized. What will really help? What is the truth? What if we don't want to surrender our organization to social engineers?
Presentation on law as an instrument of social engineering. Contains: What Is Law. Why Law Is Needed In Society. Social Engineering. What Would Happen If There Are No Laws. Roscoe Pound’s Theory. Interests. Law As Social Engineering Theory of Balancing of Interests. Law as Purposive Functional and Need-Based. Summary.
What is Social Engineering? An illustrated presentation.
Pratum
Social engineering relies profoundly on human interaction and often involves the misleading of employees into violating their organization’s security procedures. Humans are naturally helpful, but when it comes to protecting an organization’s security, being helpful to an outsider can do more harm than good.
These slides discuss social engineering, the most common attack methods, and the best means for defending against a social engineering attack.
For more helpful cyber security blog articles, visit www.integritysrc.com/blog.
You are a scientist. You are busy. You want to be on social media but don't know where to start. Then this presentation is for you. Three easy ways to start within 10 minutes.
“We Don’t Do That Here”: How Collaborative Editing with Mentors Improves Eng...
Denae Ford
Slides from CHI 2018 paper presentation describing the pilot Stack Overflow just-in-time mentorship program.
Abstract:
Online question-and-answer (Q&A) communities like Stack Overflow have norms that are not obvious to novice users. Novices create and post programming questions without feedback, and the community enforces site norms through public downvoting and commenting. This can leave novices discouraged from further participation. We deployed a month long, just-in-time mentorship program to Stack Overflow in which we redirected novices in the process of asking a question to an on-site Help Room. There, novices received feedback on their question drafts from experienced Stack Overflow mentors. We present examples and discussion of various question improvements including: question context, code formatting, and wording that adheres to on-site cultural norms. We find that mentored questions are substantially improved over non-mentored questions, with average scores increasing by 50%. We provide design implications that challenge how socio-technical communities onboard novices across domains.
Creating solid, high-quality content is the cornerstone of any successful marketing strategy. From actually sitting down to write a post to making sure it gets shared on social, there are a lot of moving parts – which is why as much as 40% of brands end up failing. In this presentation, Danielle gives tips and tricks to streamline the content creation process so you can do more with less.
Learn how teachers can blog and comment their way to a better classroom -- this is based on 10 Habits of Bloggers that Win and How to Comment Like a King or Queen from Cool Cat Teacher.
NOTE: Many of these slides include photos I purchased from Istock photo and the license terms do not allow me to give you a copy, although you CAN run this presentation full screen from slideshare.
Psychology for designers or 3 predictions from psychology for the future of ...
Joe Leech
How can an understanding of psychology make your designs better? @mrjoe will make three predictions for the future of web design based on psychology.
We'll also cover
-Why Siri doesn't work very well and won't for a while
-Why right now, we are designing like Sheldon from the Big Bang Theory
-How we'll be designing in five years time
Lean Community Building: Getting the Most Bang for Your Time & Money
Jennifer Lopez
You want to grow your organization's community, but that simply takes more time, money, and general people power than you have access to. Jen walks you through some ways to grow and focus on your community while on a small budget, with limited resources. You'll walk away with tools and tips to help you on your way to community bliss.
Messaging looks like a saturated market for Mobile Network Operators.
Actually we should try to look at new messaging opportunities out there.
The internet of things is becoming a reality and the number of objects and applications that can send messages is definitely huge.
In this presentation I will show some of the things that have attracted my attention recently.
The Sourcecon webinar slides delivered by Andy Headworth from http://sironaconsulting.com/ on 22nd October 2014. It is about using Twitter and Google Plus to source candidates.
It covers sourcing individuals on both Google+ and Twitter as well as sourcing candidates from Communities and Twitter Lists.
TWTRCON DC 09 case study presentation about how to use Twitter for recruitment and branding. Created by Jessica Lee, Senior Employment Manager, APCO Worldwide (@jessica_lee | @APCOjobs) and Kerry Noone, Marketing Communications Manager, Sodexo USA, Talent Acquisition Group (@SodexoCareers)
LinkedIn for Business and Social Selling
Shane Gibson
LinkedIn for Business with Shane Gibson
- Social Selling Rules of Engagement
- Key components of a good LinkedIn profile
- How to get more connections
- Who do you connect with
- LinkedIn publisher
#SEJThinkTank: How to Use a Podcast to Build Your Email List by Jerod Morris
Search Engine Journal
Email remains one of the most intimate online touchpoints you can have with your audience. But a solid email list needs a good content strategy for it to grow.
In this webinar, learn how podcasts can be used as an intimate platform to build an engaged, responsive email list.
Want to learn about more webinars with SEJ? Check out our other recaps:
www.searchenginejournal.com/category/marketing-thinktank-webinar/
Hello, everyone. I would like to introduce myself to this network and spread word about myself because you have seen my first PowerPoint upload.
I want to take the time to progress my public recognition even further, by showing off my own profile, as well as what I want to do.
I've split up the process of what I want to do into five very important stages that you can also use it for your advantage. I'm describing each stage and what I've done, what I'm doing, and what I want to do.
Please take the time to follow this as well as do what's at the end of this presentation, which is simply following me on some sites. Anyway, have fun and please leave comments!
SREE SREENIVASAN: Fostering Brand Loyalty Through High-Trust Social Media Eng...
techsytalk
Social media is a mighty medium to connect and deepen your relationship with your audience, but ONLY if you learn the art of engagement. In this session we bring to you one of the most sought after social media authorities, the former Chief Digital Officer of NYC and The Metropolitan Museum of Art - Sree Sreenivasan - to give us an abridged blueprint on digital and social media strategy to implement immediately with your event teams.
Jennifer Sable Lopez - How To Make SEO An Integral Part Of Your Community Str...
FeverBee Limited
Jenn Lopez, director of community at Moz, is one of the world's top experts in using SEO to improve an existing community. In this talk she will highlight specific steps you can take to increase the SEO ranking of your community and get a LOT more traffic.
23. @deadroxy
From: Megan (megan@frestyl.com)
To: Some Blog (blogger@someblog.com)
Subject: Correction to your blog post
You misspelled our company name in your blog post. The correct
spelling is: frestyl. Please update it.
24. @deadroxy
From: Megan (megan@frestyl.com)
To: Some Blog (blogger@someblog.com)
Subject: Thanks! (and small correction to your blog post)
Hi Blogger,
Thanks so much for the post!!
Just a quick favor... I noticed “frestyl” was spelled incorrectly. Do
you think you could update it? Thanks so much!
46. @deadroxy
1. Review Your Resources
2. Pick a Principle
3. Create a Context
4. Sign Post the Path
5. Press Play
50. @deadroxy
1. Review Your Resources
2. Pick a Principle
3. Create a Context
4. Sign Post the Path
5. Press Play
51. @deadroxy
From: Megan (megan@frestyl.com)
To: Some Blog (blogger@someblog.com)
Subject: Thanks + BIG favor to ask
Hi Blogger,
Thanks so much for the post! I shared it on all our social media
channels and we are getting lots of likes + retweets!...
The set up.
52. @deadroxy
...
I have a real huge favor to ask though. I made a big mistake. I’m a
new communications intern at frestyl, and when I sent you our info
I must have spelled the company name wrong.
Totally not true.
53. @deadroxy
...
My boss made a big deal about getting our branding right when I
contact press, and I obviously screwed that up completely.
Everyone hates their boss.
54. @deadroxy
...
If there’s ANY way you could make the correction for me in your
post, it would be a HUGE help.
The effortless save.
55. @deadroxy
1. Review Your Resources
2. Pick a Principle
3. Create a Context
4. Sign Post the Path
5. Press Play
Hi Everybody, I’m Johanna - the co-founder of frestyl and I also have a PhD in Computer Science to show my nerd cred. For those of you who know frestyl, you usually hear me talking about live music discovery, but today I get to tell you about one of my biggest passions: social engineering. And I’m going to explain how you can actually use it.
So what is social engineering? Well despite the fact that it contains the word “engineering”...
It doesn’t necessarily have anything to do with computers. In fact, it often doesn’t.
That’s because social engineering is not the same thing as hacking. Hacking is about breaching digital systems that you don’t have access to (like picking a lock), but social engineering isn’t about breaking into anything. In fact, unlike most hacking, it’s completely legal. But it’s true that the best hackers often use social engineering techniques to breach systems. They’ve learned...
why break in when you can get someone to give you their keys? It’s true.. a big part of social engineering is about manipulating people into giving you what you want.
And recently, Shane MacDougall made big news at DEFCON (the hacking conference) by doing just that. He won the social engineering “capture the flag” contest by inception’ing a Wal-Mart executive to hand over his identity. That sounds like something from a movie right...
Like, something straight out of Hackers...
or Girl with a Dragon Tattoo.
Yeah so this is Shane. It took him 20 minutes sitting in a booth with his computer and a phone to get the information. So, first of all - even though in our minds, we hackers pretend we look really cool, we aren’t. But more importantly, this is just one kind of social engineering. The kind hackers practice. The kind that they made famous. So for those of you who have heard of social engineering, it’s probably because of this guy...
Kevin Mitnick. He was once the most wanted computer criminal in the US and was subsequently arrested and incarcerated. Kevin was released from prison in 2000 and eventually became a security consultant. But after his release he was barred from using technology for 3 years.
It was during that time he wrote and published The Art of Deception. He describes a series of exploits (tricks) in the book, none of which involved programming or hacking. Many people consider this book the bible of social engineering. So what’s in this bible?
Pizza! Well one of the most famous tricks is called “free pizza for life.” Basically, a way of tricking the people at a pizza shop into giving you a free pie. Of course, it only works once or twice before they catch on... so hopefully you live near 365 pizzerias.
So basically at this point it sounds like social engineering is about getting people to give you stuff they didn’t want to give you... identities... pizza... maybe some money... Social engineering sounds a lot like glorified stealing. Right? Well it’s a lot more than that.
Social Engineering is the art of crafting a social situation in which the actors are more likely to follow the engineer’s desired path. Of course that path could be “give me some pizza.” But there’s a lot of other things you might want people to do, that aren’t just about giving you free stuff. Though, that is still one of my favorite tricks. You might want an investor to give you a higher valuation, you might want a media partner to give you some special coverage, you might want your boss to give you a raise.
That all sounds too good to be true right? What is this magical cure for all my social problems? I want to make everyone do whatever I say, all the time - sign me up!
Well, social engineering is not magical.
It’s also not particularly easy.
But it is 100% real and you can learn how to do it.
But, like any art, it takes some practice. And for anything that requires practice, it’s important to be practical. So I’m going to walk you through a real example of how we do everyday social engineering at frestyl.
Our communications intern Megan came to me with a problem this summer. This by the way, is exactly how she presented it. So, Megan had recently worked with a blogger who wrote a post about frestyl. And after it was published - she noticed our product name was misspelled. This is pretty normal seeing as this is how we spell frestyl...
Hey, we are a cool live music startup. What do you want?
So a blogger misspells our name, and of course we want them to change it. So what are Megan’s options?
Well, she could tell the blogger they made a mistake and ask them to fix it. <read email> That’s pretty dry and robotic though. I’m pretty sure no one except bots send out emails like that. But okay, at least we are thinking now. Clearly, just telling a person to do what you want is not the way to go. And probably most of you would send something like this...
<read email> You’re probably thinking, yeah that sounds nice. What else can you do? I mean, asking nicely, throwing in a bunch of thank you’s, what more is there? The secret of social engineering, is that there is way more.
Social engineering techniques give us the tools to figure out how to write an email that this blogger just can’t refuse. I’m going to break it down into 5 easy steps.
When engineering anything, the first thing you need to do is take a look at what materials you have on hand. In a social situation this means understanding your leverage, disadvantages, value, drain, knowledge, ignorance, etc.
So in our example, what resources did Megan really have to work with?
Well not too much. She doesn’t have any particular leverage with this blogger since they had only just gotten in contact. Megan didn’t have much of value to give in exchange (it’s not like we are giving out fabulous perks to our media partners). She really didn’t have much power over this blogger at all. But what Megan did have going for her, were some useful “disadvantages”. She’s an intern. Sorry, it’s true... but everyone considers interns the lowest rung on the ladder. But sometimes when people perceive you to be at a disadvantage, you can use that in your favor.
If the owner of this SUV had a disability, and special parking permit, this would be fine. If however, this car belongs to a superstar athlete, parking in a handicapped spot is really not cool. But, I have to warn you we’re about to get into what for some people is a deep moral gray area.
No, I don’t think it’s cool to get a fake permit and park in a reserved space. But is it okay to limp into soccer practice and pretend you hurt your ankle because you don’t want to play? I’m pretty sure everyone here has called in sick once to take the day off. But, we’ll get back to these moral quandaries later... poor, disadvantaged Megan the intern has 4 more steps. Next, she needs to...
Picking a principle to work with. First off, what are these principles?
They are the 6 key principles of influence and they are the secret sauce of social engineering. They are brilliantly outlined in a book by Robert Cialdini called...
Influence: The Psychology of Persuasion. You should read it, but since you don’t have time now, let’s go through this Blinkist style. First principle:
People tend to return favors. If you give me some of your company schwag, I’m more likely to give you some of mine. And you might want that because I work somewhere with awesome schwag. Principle number 2...
People who say yes or write you a confirmation, anything that feels official, are much more likely to keep their word. Letters of Intent, Memorandums of Commitment, make up anything, just get customers to sign it and swear on something precious to them. Principle number 3...
People are lemmings. They copy each other. We all know about social proof. But standing next to the right person at a networking event can open big doors. Principle number 4...
But then there’s authority... people always listen to the man in the uniform (even if he’s not actually a police officer). If you’ve got a C in your title, use it. Principle number 5...
Of course we all know about liking... but it goes beyond Facebook friends. Even if I don’t know the person I’m in this super important meeting with, I can do my homework first. And if I can get them to like me quickly by connecting over some trivial shared passion (omg you love home brewing too?!?), I’m at an advantage. And finally, principle number 6...
Scarcity. Like coveted beta invites, we all know about trying to generate demand. But if I’m a successful investor, and I’ve cultivated a reputation for being short on time, when I give you half an hour, it seems like years.
But wait - there’s more. The 6 principles are great, but there are actually two that I have given myself the authority to add (because I use them all the time). So, onto number 7...
People tend to take the path of least resistance. It’s true that people will often obey directions from authority figures, or copy what they see other people doing, but in a broader sense, as a species we generally avoid conflict of any kind. We don’t go against the grain. Most people drive within the lines. So when you sit down in a board room, and your team sits around one corner, there is no longer the classic “other side” of the table. Most investors will just follow your lead instead of forcing the seating arrangement that suits them. So you’ve just gained a big tactical advantage. But the 8th principle is the most important. And it’s the most controversial when I talk about this...
People love to feel good about themselves. When given an opportunity, they will take it without hesitation. However, most normal people are lazy (as we saw with the last principle), so we don’t have billions of people running around handing each other flowers! So why is this principle so useful? Because if you can create a situation where a person can feel fantastic about themselves, feel like a hero, and make it be entirely effortless on their part - they will, almost invariably, take the bait.
So now that we all know the principles, let’s talk about what Megan should do. Since she’s at a general disadvantage in this situation, her best bet is going to be to use a cocktail of...
non-Authority, Reciprocity and Self-Satisfaction. This is basically the social engineering version
of pretending to fall on your own sword in front of another person. Basically, you’re making yourself appear to be in great danger, needing to be saved! But to be saved, we need to be saved from something. And that’s where this context comes in...
Creating a context is like setting the stage. When you walk up to an airport counter and say “I missed my flight because I was stuck in traffic” it sets a very different tone than “I missed my flight because I just performed CPR on a man who collapsed in the parking garage and saved his life”. Heroes get special treatment.
And so do cats. Cats are amazing at this. They can get out of trees...
but they are always convincing firefighters to save them. So what context can Megan create that will allow her to be rescued?
The evil boss! That’s me, by the way, before I have coffee.
So now all that’s left is to signpost the way for our blogger. We need to explain how easily Megan can be saved. So let us go back to our email...
Megan starts by setting up some reciprocity... <read email>
Then, she takes all the blame for something that is so not her fault. <read email> Man, this girl must be clueless.
Then, Megan introduces the blogger to her world of the angry boss <read first line> and repeatedly falls on her sword <read second line>.
Then, she explains how she can be rescued from this hellish nightmare. <read email> All the blogger must do is simply make a quick change on WordPress. And with a few keystrokes, he is going to save this poor little intern’s entire career. He could be a hero.
And to set everything in motion, Megan adds a final sense of urgency...
<read email> She is there, watching the minutes tick by until I wake up, check my Facebook, and have her executed. But this blogger can save her by essentially doing nothing. So this - ladies and gentlemen - is an email they basically can’t refuse. Because...
Everybody loves to be a hero. It feels so good to be a hero. But that is the true art of the game...
To craft a situation in which all the players feel like winners, because then they want to keep playing. Simple, right? Well, some of you might be thinking...
“Hey, wait a second. Isn’t making everyone ‘feel’ like a winner, just a nicer way of saying that social engineering is about conning people?” The truth is, it’s up to you, but every social engineer needs to wade through the deep gray areas and develop their own style and limits.
It can be a little confusing to put on the “gray hat” at first but I’m going to leave you with the four rules I live by to get you started on your path.
I make it a practice to only use my powers for good, and when trying to engineer a situation, I make it a policy not to make anyone’s life worse for my (or other people’s) benefit. But even if you’re not so pure at heart, it’s important to remember that the principle of reciprocity shows us we need to give something to get something back. And so doing something actually helpful to another person is often one of the best ways to start creating a context. The classic “Here, let me help you with that...” is a great way to open someone up. Being nice works. But more importantly, you need to stay grounded...
and remember that SE is just a game. When I work on engineering a situation I make sure never to risk too much. I treat every SE win as a bonus, but I always go in assuming I’m not going to be successful. That way, you never have too much on the line. If you lose, you should walk away no worse off than you were before. So giving your boss an ultimatum like “give me a raise or I’m quitting” is probably not a wise move. I wouldn’t gamble so recklessly, but when you do make your move...
You have to believe every word you are saying. In social engineering, confidence is king. If you aren’t buying what you are selling, nobody else will. You can tell yourself it’s like acting, pretend like you are a spy, but whatever you do, you need to commit 100% to the context you are creating and really live the whole moment like it’s real. So how do I manage to be so convincing? It’s not a gift...
It really comes down to practice. And I honestly practice every day. I look for trivial situations to challenge myself with: can I get to the front of this line? Can I get upgraded on my flight? Can I get into this event for free? Worst case scenario, I don’t and I’m right where I started. BUT I’ve improved my skills and I’m starting to feel more comfortable getting rejected. And to be honest, that does happen a lot, especially when you are just starting out. But it’s worth it. Because the ones who don’t give up become the true social engineers - and when you meet another one during your exploits you’ll be able to share the insider’s nod that says:
You’re either playing the game, or you’re being played. And that’s the secret of...