[Instructor] For many years, attackers tried to manipulate the human behavior, not only to reveal sensitive information, so to trick a person to reveal information that, you know, he or she should not be potentially sharing with somebody. But also to potentially redirect them to malicious links to download malware, or for them to act in a specific behavior, you know, a specific manner. Now how somebody influences, interrogates, and impersonates others are key components of this realm of social engineering. So in short, elicitation and interrogation are basically the act of gaining knowledge or information from people. In most cases, you know, attackers actually get information from the victims without directly asking for particular information; it's basically just by carrying a specific dialogue. And then, you know, from there trying to convince the victim to reveal specific information. Now, how an attacker interrogates and interacts with the victim is extremely crucial for the success of the social engineering campaign.
An interrogator can actually ask good open-ended questions to learn about an individual's viewpoint, an individual's values, their goals. And then the interrogator can then use that information to continue to gather additional information or to obtain information about another victim. It is also possible for that interrogator to be using closed-ended questions to get more control of the conversations, to lead the conversation, or to actually stop the conversation in some cases. Now asking too many questions can cause the victim to basically shut down the interaction. And then at the same time, if you ask too few questions, then it may seem awkward, right? The conversation may seem awkward and the victim, of course, will probably pick that up and hold herself or himself back from sharing any additional information. Now successful social engineering interrogators will basically use a narrow approach. And that narrow approach in their questioning is basically to gain the most information from the victim as possible in the least amount of time.
Now these are a few things that you as a social engineering expert, or, you know, a penetration tester should pay attention to, right? So the first thing is whenever you're talking to the quote unquote victim or the target, always look at the posture and the body language of that person, right? And see if the face has become, you know, a different color, especially if the victim is getting either mad, right? Probably the face is becoming red or reddish. Or it's becoming a little bit more pale because potentially it's scared, right, that you're influencing with potentially fear and so on, right? Also the direction of the victim's head and eyes, right? That's what you can also tell if somebody's lying in some cases, right? The movement of the victim's hands and feet also can reveal if they are comfortable with the conversation or if they're not. Now, the other thing is the pitch and rate of the victim's voice, as well as the changes in the voice, the victim's words, including their length, the number of syllables, functions, pauses, and so on.
Now with pretexting or impersonation, an attacker can present as somebody else, right, in order to gain information, as I mentioned to you before. In some cases it can be a very simple interaction, such as just quickly pretending to be someone else within the organization. In other cases actually it can involve creating a whole new identity, and then using that identity to manipulate the receipt of the information and continue to interact with the target, not only in one conversation, but in some cases actually even developing a full relationship with that individual. Now social engineering may actually use these types of techniques of pretexting to impersonate individuals in certain jobs, in certain roles, even if they don't have experience in those roles. For example, you know, you can impersonate somebody that is delivering a package to you from UPS or FedEx, or even a bicycle messenger, or a courier with some important message for somebody in the organization.
And then from there, probably act a little bit confused, ask for potentially contacts within the organization. And in many cases, as a matter of fact, scammers as well use a lot of these techniques to try to manipulate users to reveal information. You know, nowadays you get not only the robocalls that we get all the time, but a lot of tactics to influence somebody with fear, probably impersonating somebody from law enforcement, somebody, at least in the United States, you know, we have the IRS, right. Somebody impersonating an IRS person or personnel. And then, you know, telling them that, you know, you are potentially in trouble because you owe some money to the US government. And then from there, I mean, of course the victim can react in a few different ways. They can get mad or irate because they don't owe that money to the government. And then the attacker can actually potentially use that to their advantage.
Some of these are becoming very mainstream, and a lot of people are getting a lot more aware, and we're gonna go over the countermeasures a little bit later. But one of the main countermeasures is of course, education, user education. In the next lesson, we're gonna be exploring a few different social engineering techniques, like spear phishing, phishing, pharming, malware advertising, and different others as well.