IN our second visit to the subject of social engineering, this week we will focus on the approaches used to socially engineer others.

Not in terms of the how, but instead over what technologies (e.g. phone or in person) and how to change your behaviour based on this. Email can be covered in more detail when discussing phishing, and won’t be covered in this article, unfortunately!

When conducting social engineering over the phone, there are a variety of approaches. It is important to take into consideration that the individual in this case, the “victim”, has no prior perception of you, the “attacker” and bases their entire judgement of you based on your voice and attitude.

We can use this to our advantage and adopt different behaviours to deceive the victim on the other end. For example, the attacker may adopt a patient, friendly behaviour to “warm” to the victim and be a friendly figure, or instead take an authoritative figure and aim to extract information by intimidation. Both ways have success in different situations and should be used interchangeably.

READ MORE: Engineering things to your advantage

In person, social engineering must be more thoroughly crafted. Unlike over the phone, the victim will base their opinion of you on both your appearance, your mannerisms as well as your voice.

In this situation, it is important to build a persona to avoid appearing “fake” and raising suspicion. Keep it simple, a high-vis jacket, or sometimes even pizza, is often the main catalyst you need to lower your suspicion. Many highly revered social engineers succeed by blending into the environment they are entering.

As a final combining note for both scenarios, consistency is key – choose your mannerism and character and stick with it. Falling out of character raises suspicion and can be the one break in the chain to blow your cover!