How to Coach Yourself and Others Beware of Manipulation | Page 184
70. Social Engineering
Social Engineering is a term used by computer hackers who seek to get confidential information from
company employees by which they can have their way with company computer systems. The methods
they use are simple and effective as illustrated here. The core principle is to play on the trust that
people naturally give to one another. The massive cost is the erosion of trust and, in consequence,
society.
Hackers are not the only people to use these methods and head-hunters, sales people and more may act
as 'social engineers' to extract the information they need from unwitting employees whose first goal is
to get their job done with the minimum hassle.
Principles
Bold impersonation
The basic method the social engineer uses is to phone up a company employee and ask them for the
information wanted. Of course employees do not just dish out company secrets--but do they? If they
believe they are talking to another employee then many will happily help a colleague. Impersonation is
thus one of the fundamentals of social engineering.
Learn the lingo
The first trick, before asking for the detail wanted, is to sound like an employee, using company jargon
and dropping names of other employees. This may be found in websites, magazines and across
conversations, including eavesdropping on the chat of others in nearby bars and restaurants.
183