Monday, 10 September 2007

So, you want to be a social engineer?

Congratulations if you have decided to become a disciple of the lost art of social engineering. I say lost, because the art has lost its meaning over the last few years, and has been diluted by people who talk a lot, but do not practice. Lost, because there are people who try to turn it into a science (it isn't), or try to persuade people that you need special powers to become a social engineer (you don't).

Too many times I hear people asking the same questions whenever they want to delve into the wonderful world of social engineering. The first knee-jerk reaction is:
"Yeah, I've read the books, listened to the CDs, bought the T-shirt, I know social engineering"
The point I'm trying to make is, social engineering isn't something you can learn from a book, a CD or a movie: it's something you can only learn by doing.

I've had numerous people tell me that they "know all about social engineering", only to have them shuffle their feet and look at their toes when I give them the phone to make the call.
"Who, me?"

And then, the excuses creep in:
"I need more information on the target"
"You go ahead, I'll go last"
"Now is not a good time, I need to prepare myself for this"
"I'm more of an e-mail person"
"But what if they don't believe me?"
"What if they want to call me back?"
"What if I fail? Won't that ruin everything?"

Social engineering is doing. Social engineering is doing, falling flat on your ass, and getting up without a second thought and trying again. Until the time you can grab a phone and instantly strike up a conversation, you might "know" social engineering, but you won't be a social engineer.

How you can train yourself to do this is something I'll write about another time.
