In the last post about social engineering I gave a bunch of basic information of how it can be put to work. In this post I’ll show how I used it lately by illustrating three recent examples: at an airport, bluffing to get into a club, and getting a much better phone subscription.

These examples are highly arbitrary really, what matters here is the underlying principles at play in each situation. You can easily apply the same methods I’m explaining here immediately in your own life.

Practical Examples of Social Engineering
1.      At the airport asking for a pencil.

Me (to middle-aged man in airport):  Hey could I borrow a pencil, I just got a great idea!

Man: Sure, what kind of idea?

Me: A chapter for my book!

Man: Wow. Here, let me give you this pencil!

Now, I didn’t deliberately use social engineering here. But I used it skillfully without thinking about it. Had I just asked randomly at a crowd of people for a pencil I doubt I would’ve gotten it; they would likely just have ignored me or thought I was annoying. When I said it I was very enthusiastic and the old man immediately felt it was something important and wanted to be of help.

2.      Bluffing to get into a Club.

I was standing in line for a club/venue and had stood there for about 15 minutes (so I had invested a bit into it) until I got to the front. Only then do I see a sign indicating that tonight only people with special invitations or reservations could get in.

Most people would just walk away at this point or figure that they give it a half-assed attempt.

But I quickly decided I was simply going to just go with it. I’m not going to let my 15 minutes go to waste. So when I got up to the guard and he asked me for reservations I simply stated my name and bluffed that I’d made a reservation two days ago; I did this in a business-as-usual kind of manner as explained in the previous post.

When he said he couldn’t find my name I acted as if I was angry and outraged. The guard got a bit uncomfortable and explained that they had had issues with their website’s booking system lately and that that was probably the issue here. He then let me in.

I win.

Key point – decisiveness matters. Companies want happy customers. Clearly indicate that you are unhappy, even if bluffing.

Had I taken the half-assed approach of trying to act “nice” and told him:

I didn’t know about the reservation rule this night, please let me in anyway because I have waited for 15 minutes!

It is highly unlikely that he would have let me in. The reason for this is twofold:

Firstly because I am showing that the fault is on my side and that I am the one who made the mistake and not them. The guard thinks he is doing his job by disallowing me entry – those were his basic orders tonight.  By admitting to know about this rule and breaking it, even if just now, I am asking the guard to take a risk on my behalf. He has little to gain, but a lot to lose from doing this. On the other hand, by taking the bluff approach I am framing the situation in a way that tips these scales in my favor; now he has more to lose than he has to gain from letting me in.
Secondly I am making it very easy for him to say no to me. I am basically asking his permission to get in, coming from a place of low value. People instinctively dislike people of low status and are inclined to say “no” on autopilot – and I am eliciting this type of behavior from him by acting in this manner. It is way easier for the guard to say no to me if he knows there won’t be any bad consequences (which is what I am indicating by admitting that I know I messed up) than it is if I am upset and may potentially file a complaint against him or the club.

So, in theory it seems like a nice thing to be honest, but in practice it only proves that you are ignorant about human social psychology.

3.      Getting myself a much Better Phone Subscription

The dynamics of this one is very similar to that of the club example.

I called up customer service of my phone company and threatened that I would go to one of their main competitors. I then gave the customer service guy a detailed description of how much better the other company’s subscription was than theirs and why I liked it. I provided a seriously valid reason WHY I would leave. “Because” being the magic word.

Well, lo and behold, suddenly the guy presents me with a secret subscription deal that is HALF the price I currently have, and I get free unlimited Internet. That’s almost a third of the price I paid before. It’s incredible how these phone companies play us for suckers.

Obviously they only pull out this sort of deal to the customers they want to keep the most, and when they are sure that they will lose them otherwise.  There is no way the phone provider companies could get away with charging such over prices unless everyone else wasn’t doing it. It is a massive cartel-like thing.

The interesting thing was that the guy was very close to trying to withdraw the deal from me once he got me on the hook. He was a great salesman and almost succeeded, but not quite. He was trying to Jedi mind trick me into forgetting his magic deal, but no dice. I win.

The key point was that I very clearly indicated that I was upset and was going to leave. I did not even ask for a better price, it had to come from him or it wouldn’t have been convincing on my part. In short, he perceived he had more to gain from helping me and keeping me as a customer than to let me go.

If you do not rebel and test the limits and show that you cannot be pushed around you will continue to pay a marked up price when it comes to these sort of things.

Why and how does Social Engineering work?

Because people want to be helpful and/or benefit themselves.

If you can make it seem like they are doing you a favor or that they are helping you somehow, and making you happy – for example by providing an arbitrary reason – most people will go along with what you’re asking so long as it doesn’t involve risk to them.

Identify with their position

Also, it is very important to recognize what position the other person has, and how strongly invested he or she is into the interaction or situation at hand. For example, a cop isn’t paid well enough to risk his life single-handedly chasing after a bank robber. He has way too much to lose.

Similarly, an employee on the support or sales side of a company typically has more to lose by an angry customer potentially wanting to file a complaint against him or the company than he has from stepping slightly over his boundary of what he can agree to.

Always take into account the role of the other person. It helps if you have personal experience in that line of work.  Think about what, and how much, the other person has to lose if something goes wrong, and how much he or she has to gain by helping you.

I dislike the notion of social interactions which some people have; namely that there is an ongoing combat of frames going on between two or more people in which there is a definite victor based on whose ego is the most forceful.  We’ve all met people like this – the annoying argumentative person who makes everything about “winning” and is on a constant paranoid struggle to maintain his or her image by having to always be right about everything.

Recognize that most people are sheep

If you are in a queue and you see people getting ahead you will soon notice that there are two types of reactions.

The first is that of people who are crudely pushing through the queue. They will usually be confronted with bad social feedback, but ironically enough they usually get away with it.

The second is that of people who are more skillful. People do not even notice it because they act so smoothly and project such authority. This makes the ordinary “sheepish” people unconsciously assume that they are simply entitled to do so. They will likely not think about it – it won’t register in their minds.  But even if it registers in their minds they will rationalize it as it being some important person – maybe the owner of a club or some rich guy with connections.

You won’t be able to pull it off if you are insecure

But in probably 70% of the cases you will be able to do it simply by going for it.

You will be surprised with the kind of stuff you can get away with if you simply do it. But most people are too afraid of breaking any kind of social conventions. Therefore they do not suspect that others can do it.

You don’t know what you can get away with until you try.

 - COLIN POWELL -

Recommended reading: Kevin Mitnick – The Art of Deception

Boring, but good book. Goes into much more advanced social engineering.

 

Question:

Got any personal examples of ballsy social stuff you have done lately?

The post Social Engineering Applied in Daily Life: Part 2 – How I’ve Used it Lately appeared first on Startgainingmomentum.