http://www.csoonline.com/article/691910/new-social-engineering-poll-reveals-which-scam-works-better By Joan Goodchild Senior Editor CSO October 17, 2011 Which tactic works best for a scamming social engineer? Acting like an authority figure and requiring a victim to answer questions and give up sensitive information? Or acting like a nice, trustworthy person who strikes up a friendly conversation and just needs the victim to tell them a few things to help them out? That was the question asked by the team behind the web site social-engineer.org. They have just released results of a several-months long poll that laid out two different scenarios of how a social engineer might try and elicit information from a victim. The first showed how the principle of endearment and how it may be used by a malicious social engineer. The example given was a social engineer who attempts to get strangers to engage in very personal conversation with him with little effort. Dressed very casually he grabbed a prop that he felt would endear people to him, a small sign that had a funny slogan on it. As he walked around, looking like a tourist with his prop, he was able to engage people in conversation. "The fact is we like to deal with people who are like us, but even more powerfully we like to deal with those who LIKE us," said Christopher Hadnagy, founder of social-engineer.org and author of Social engineering: The art of human hacking. "Endearment makes a person feel liked and, in turn, like you. Endearment is used by getting on the same plane as the target, or giving them reasons to like you." [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Mon Oct 17 2011 - 22:51:10 PDT
This archive was generated by hypermail 2.2.0 : Mon Oct 17 2011 - 23:00:07 PDT