4.1. Introduction to Guerilla Psychology
This section examines the various facets of the human psyche that can be exploited to obtain information and predict and control behavior. Different people respond to different stimuli according to the makeup of their characters. However people with similar characters are often found in similar roles. Thus it is possible to predict with a certain degree of accuracy which techniques will be effective given sufficient knowledge of a target individual. A basic understanding of the following concepts and threat vectors is critical to obtaining any real success with social engineering as well as having any chance of protecting yourself against it. Social engineers play on states of mind in order to get what they want. In this section, I'll talk about exploiting the following:
trust;
ignorance;
gullibility;
greed;
the desire to help;
the desire to be liked.
4.1.1. Exploiting Trust
Exploiting trust is at the core of social-engineering attacks. People trust the familiar. In the workplace, most people trust their colleagues (at least in the context of the work environment). We humans are by our nature trusting within our own clan or circles and less so outside them. But, more often than not, we err on the side of trust unless we have a specific reason not to.
For example, if someone calls from a marketing company to ask you to participate in a survey, your first inclination is not 'Arrgghh, a social engineer come to plunder my corporate secrets!' but ...
Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
