Social Engineering

Social engineering as defined by wikipedia is, “the art of manipulating people into performing actions or divulging confidential information.” In a nutshell social engineering can be equated to “people hacking.” Where as hackers find flaws in computer systems, networks, and programs and exploit those flaws in an attempt to gain access to restricted files, information, or otherwise confidential information, social engineers find flaws in the human psyche and exploit those flaws for many of the same reasons a “typical” hacker would.

When it comes to social engineering there are typically only a handful of “tools” at the disposal of the social engineer. Among these tools are a basic understanding of human nature, cognitive biases, and psychological fallacies. The following lists name, and explain, many of the common cognitive biases. While it is not important to commit each and every one of them to memory, it is important to learn which of the following you typically observe in everyday life and commit them to memory as you'll notice that they will turn up more and more as you continue your social engineering career.

List of cognitive biases

• Be Polite: I cannot tell you how many people hung up on me when I first started social engineering because I acted like an asshole. Act like you own the place but be polite at the same time. Saying, “I would like to speak with your manager” and “BITCH GET ME YOUR FUCKING MANAGER” both mean the same thing at their core but which one would you personally like to respond to?
• Be Knowledgeable: Different professions and companies have different technical jargon. If you can learn this jargon through means of the internet, go for it. If not, try calling a few times and asking tech specific questions which may unlock little nuggets of wisdom for you. Maybe they call a motherboard a MoBo (this is a poor example but whatever), make note of these words.
• Be Firm: People naturally want to help people but that doesn't mean you make yourself a wet noodle.
• Being passive-aggressive while asking for help makes people actually want to help you more. If you ever saw the movie Hackers you can remember the scene when Zero Cool/Crash Override/Dade Murphy called up the television company and told the guard that if he didn't get the work done the corporate big heads would have him commit huri kuri. By asking for help while still “pushing” the guard to help him, Dade Murphy was able to hack into the television network.
• Learn Basic Psychology: I've put up a list of certain things people take to be true even though they shouldn't but you shouldn't stop there. Learn the kinds of people that someone is more likely to help, to avoid, to hate. Knowing these things will help you become any type of person you want. If you think one of the CEO's is an asshole and you try to impersonate them but act nice, your cover is blown.

• if you need to lie (which you shouldn't because we seem to be 'in the clear') make sure your lies are around 90% truth and only 10% lie. This makes it much harder to disprove, and if the subject decides to research on their own, they will find the truth then see your argument as creditable. If they find anything disproving, also this adds reasoning that the person, merely miscommunicated rather then lie directly to the target.
• People generally will generally convince themselves when it comes to falshoods, the best thing to do is provide the groundwork and let their minds work against them. (someonewhat stated above)
• Details are the absolute most important thing there is. Several small things are infinitely more likely to pass you off as a true member of the community than a huge red fucking banner on your myspace proclaiming 'I HEART YIFF' or whatever applies. Once again, people generally convince themselves far more effectively than anyone else ever could. All you have to do is lay the path and put the rose petals down.
• At the same time, too much detail is a bad thing. If a new user demonstrates encyclopaedic knowledge of the target community, people will become suspicious.
• If you need a guide on how to troll through arguments, and need more help on the argument itself, see forum trolling.
• Learn the Rules of Inference, such a Modus Tollens. Learning basic propositional logic teaches how to dissect and build arguments mechanically. Eg: If A and B are true, then C must be true (each person CHOOSES what A and B are, so even if D is false, by only exposing A and B, the argument is true to the uninformed)

• Disinformation (False sources)
• Scapegoating (blame it on someone else)
• Proof by assertion (they love dis)
• Appeal to emotion (basic foundations for psyops)
• Straw man (Misrepresenting a position)
• Glittering generality (Pick your wordz wisely)

Also familiarize yourself with these methods and their consequences:

• Black propaganda
• Grey propaganda
• White propaganda (Do it for the lulz)

These are much longer and more difficult to understand. So make sure you re-read and master.

• Ad hominem (basic way they use to attack)
• False dilemma (limiting your choices)
• Red Herring (going off topic)
• Half-truth
• Reductio ad Hitlerum