#8. Techie Talk
Many penetration testers and malicious hackers come from a technical background and not a background in human psychology. As a result, when technical people need to do social engineering they resort to what they know best: being a techie.
An example of this is when a social engineer calls up a user within an organization and impersonates a help desk operator. Here is a sample of what that phone call may look like:
Social Engineer: “Hello. This is Andrew from the help desk. Hey listen, we’ve been noticing that some passwords have leaked out, and we are calling around to make sure that people are changing their passwords. We think your password may have been compromised, so if you don’t mind, I’d like to walk you through changing it.”
Social Engineer: “Great! First, I want you to hold down the Control button, the Alt button, and the Delete button at the same time. That will bring up a new screen that has several buttons. Once this appears, click on the Change Password button. Now it’s important that you type in a secure password that contains a good mixture of uppercase and lowercase letters as well as numbers so that it is difficult for an attacker to hack into your computer. What password are you going to use?”
User: “Hmm…let me think. How about Password123? Is that secure?”
Social Engineer: “Absolutely. Go ahead and type in the new password and press OK. I really appreciate you taking the time to do this to keep your computer secure.”
The social engineer was able to use his or her knowledge of technology to convince a user to give out a password.