Scribbler Logo

    You have 4 summaries left

    The Social-Engineer Podcast

    Ep. 216 - The SE ETC Series - Acting Your Way in Social Engineering with Curt Rosa Patrick and Chris

    Mon Jun 26 2023
    social engineeringtraining programsacting techniquesbuilding rapportpretext engagementsverification callscustomer service skills

    Description

    This episode covers various aspects of social engineering, including training programs offered by Social Engineer LLC, the use of acting techniques in social engineering, the importance of staying in character and building rapport, tips for successful pretext engagements, strategies for building rapport and conducting verification calls, the application of customer service skills in social engineering, and the overall insights gained from the discussion. Listeners are also invited to join the Slack channel for social engineering enthusiasts.

    Insights

    Training Programs and Nonprofit Support

    Social Engineer LLC offers practical social engineering training online and in-person, covering OSINT, spear phishing, and vishing techniques. They also support Innocent Lives Foundation (ILF), a nonprofit organization that helps law enforcement track individuals involved in child trafficking.

    Acting Techniques and Persona Development

    Guests on the podcast discuss the use of acting techniques, such as dressing up as the persona being portrayed, to enhance social engineering engagements. They emphasize the importance of staying in character, playing objectives, and being comfortable with vulnerability.

    Building Rapport and Pretext Engagements

    The importance of matching demeanor to the character's traits and feelings during pretext engagements is highlighted. Unique aliases are recommended to add interest and avoid common names. However, caution should be exercised to prevent incidents where aliases match actual employees.

    Verification Calls and Emotional Manipulation

    During verification calls, it is crucial to never break character and continue building rapport. Emotional responses from callers can provide valuable information, but ending calls with emotionally hijacked individuals can be challenging. Additional verification steps, such as a word of the day, can help defend against social engineering attacks.

    Customer Service Skills in Social Engineering

    Applying customer service skills, such as troubleshooting and going above and beyond to solve problems, can enhance social engineering engagements. Listening and building rapport with targets before revealing the true purpose of the call increases their willingness to cooperate.

    Chapters

    1. Introduction and Training
    2. Podcast Episodes and Acting Techniques
    3. Character Pretext and Demeanor
    4. Building Rapport and Verification Calls
    5. Customer Service and Communication Skills
    6. Conclusion
    Summary
    Transcript

    Introduction and Training

    00:02 - 06:53

    • Patrick Lavarie introduces himself as a member of Social Engineer LLC, where he works with a team of social engineers.
    • Social Engineer LLC offers practical social engineering training that includes OSINT, spear phishing, and vishing techniques.
    • The training is available online and in-person in Orlando and Bucharest.
    • The podcast hosts invite listeners to join the Slack channel for social engineering enthusiasts.
    • They also mention Innocent Lives Foundation (ILF), a nonprofit organization that helps law enforcement track and locate individuals involved in child trafficking.
    • ILF accepts volunteers and donations to support their mission.
    • The hosts announce the upcoming End Child Exploitation Gala in Los Angeles, hosted by LeVar Burton, to raise awareness and funds for ILF's work.

    Podcast Episodes and Acting Techniques

    06:29 - 21:19

    • There are four different podcast episodes released each month, covering various topics in social engineering.
    • The episodes include interviews with thought leaders in the industry, conversations with chief security officers and chief technical officers, and discussions on the psychology of social engineering with a resident PhD psychology expert.
    • The hosts are open to suggestions for future episode topics from listeners.
    • In a previous episode, the idea of getting into the mindset of a social engineer was discussed, leading to the decision to invite experts who use acting techniques to understand the overlap between acting and social engineering.
    • The guests for this episode are Rosa Rolls and Mr. Kirkclump, both human risk analysts at Social Engineer LLC.
    • Rosa shares her practice of dressing up as the persona she is portraying during phishing calls to help her get into character and build rapport with targets.
    • This practice is supported by research on 'enclothed cognition', which suggests that what we wear can affect how we act and perceive ourselves.
    • Rosa's approach helps her feel less guilty about obtaining credentials during phishing calls because she genuinely believes she is someone from HR or IT there to assist them.
    • The guest discusses how dressing professionally helps with their delivery and how they determined the appropriate attire for their character.
    • The guest explains their background as a classically trained professional actor and their experience in theater, films, and commercials.
    • The guest highlights the importance of staying in character, playing the character's objectives, and being comfortable with vulnerability in social engineering.
    • Acting in theater requires thinking on your feet and adapting to unexpected situations, similar to social engineering.
    • Being unshakable and showing vulnerability can create sympathy and assistance from others during social engineering engagements.
    • Another guest shares their experience performing in chorus and emphasizes the need to let go of personal feelings and embody the role while social engineering.
    • Dressing as a specific persona and getting into an alter ego is important for successful social engineering.

    Character Pretext and Demeanor

    13:35 - 28:26

    • When assuming a character for pretext, the demeanor should match the character's traits and feelings.
    • Drawing from personal experiences in music performances, being open and honest with the audience builds understanding and trust.
    • Sharing relatable experiences, such as having a long day, can create empathy and believability in phishing scenarios.
    • Rosa is typically quiet and reserved but transforms when singing with a microphone.
    • Kurt uses different aliases for different roles in pretext engagements.
    • Kurt's aliases include Dog (IT), Grant (HR), and Tim (miscellaneous).
    • Using unique names for aliases adds interest and avoids common names like Smith.
    • An incident occurred when Kurt used an alias that matched an actual employee at the client's company.

    Building Rapport and Verification Calls

    28:02 - 40:39

    • Sometimes people believe you or are non-plus when you confidently say something, even if it's stupid.
    • During verification calls, we never break character and continue to build rapport with the caller.
    • If a call is not legit or cannot be verified, it's best to end the call immediately.
    • Mentioning the name of a directory during verification can provide useful information for future calls.
    • After trying to verify someone who doesn't exist twice, it's considered due diligence.
    • Threats and emotional responses from callers may not be ideal but can still provide valuable information.
    • Some people can be emotionally driven and easily manipulated during social engineering calls.
    • It can be challenging to end a call with someone who is emotionally hijacked and desperate to fix their mistake.
    • Having a word of the day as an additional verification step can help defend against social engineering attacks.
    • Implementing security measures may slow down processes, but it is necessary to protect against vulnerabilities.
    • Acting classes and improv training can be beneficial for social engineering, even when the other person is not aware of the manipulation.
    • Listening and building rapport with the target before revealing the true purpose of the call increases their willingness to cooperate.

    Customer Service and Communication Skills

    40:10 - 47:10

    • Building rapport with customers by troubleshooting and helping them with their problems
    • Using acting techniques, such as listening to scene partners and being present, to improve communication skills
    • Keeping phone calls fresh and engaging even when following a formulaic path
    • Providing exceptional customer service by going above and beyond to solve simple problems
    • Teaching social engineering principles in a foundational application course, including pre-texting and body language
    • Analyzing real vision calls to identify points of influence
    • Applying performance art techniques in non-performance-related roles for effective communication

    Conclusion

    46:47 - 48:14

    • The conversation was great and insightful.
    • The skills discussed can be applied in various fields.
    • Next month's episode topic is a surprise.
    • Thank you for listening to episode 216.
    1