---------------------------------------------- a small but useful guide to social engineering ------------------ by mechanic --------------- Okay, there are many texts about social engineering out there in the vastness of the net, but I have done a little research on the topic, and decided to show you what I have learned. What is social engineering? The Hacker's Dictionary defines it as this: Social Engineering: n. Term used among crackers and samurai for cracking techniques that rely on weaknesses in wetware rather than software; the aim is to trick people into revealing passwords or other information that compromises a target system's security. Classic scams include phoning up a mark who has the required information and posing as a field service tech or a fellow employee with an urgent access problem. This is correct, the term wetware refers to your mind, meaning you have to use your brain actually for something. And social engineering cannot be based upon scripts, as all people are different from one another, you have to rely on what you know, what you know about the company/person, and your own spark of creativity. þÅþ A Few Tips To Social Engineer Your Way To Anything þÅþ -Find out everything you can about a person/company before trying to pry information out of them, the more you know, the more trustworthy you will seem, and this is one thing that you must be good at, getting people to feel they can trust you, and that you are really who you say you are. -A good way to get infomation on a company/person is to go trashing, meaning rummaging through their trash to find out personal things. Names, habits, kids, when they last went on vacation, bosses, love notes, etc. -BE CREATIVE! If you just follow examples and scripts, you will most likely not get what you are after. -Don't be afraid to engage in a little idle chit-chat here and there. It will make you seem more beliveable, talk about things that would interest the mark. -Remember this, giving people the opportunity to agree with you will make it easier for them to trust you. If you ask or say something that the mark will agree too, it will make you seem that you can be trusted. This may seem odd, but it works, no matter what the situation. Maybe even start off with questions and comments both parties can agree on. Information that you are both familliar with makes easier subjects to agree on, and makes it easier to find out what the person is like, thus giving you a chance to be even more creative. Helpful tips on a familliar subject to the mark will also increase trust and respect. -Showing some hint that you know what you are talking about, but not sounding too prude and arrogant will also help. -A kind, familliar, everyday-joe type voice is better to use, thus making the mark feel more comfortable talking to you, rather than speaking in a gruff, hard voice, that will be intimidating to the mark. -When acting as a supervisor, boos, or whoever, just someone that is supposed to have more senority within a comapny, be firm and sure of yourself when asking for some information, a timid boss is a bad boss. I mean have you ever heard a sweet, forgiving boss try to yell at someone? It just doesn't produce anything. And that is all, I hope you found this informative and helpful, scince you must be creative to social engineer something from someone, I will leave it to you, the possibilities that these tips can be used are limitless, unless you have an un-imaginative and limited mind, then social eningeering is not for you, and this file is worthless to you. ----------------------------------------------------------------------------- visit the DMS homepage at http://www.javanet.com/~mechanic grab some more of our files at www.javanet.com/~mechanic/dms/ mail us at mechanic.javanet.com þthis has been a txt from DMSþ