To begin social engineering you must know how to cross-analyze someone. Cross Analyzation is basically determining someone's personality by looking at them. This can be farely easy because people make the way they live so obvious to others. For example, how would you determine someone as being a homeless drunk? Well by their clothes, hygeine, smell, a bottle of alcohol in their hand, etc. Another way cross analyzation can be used is over the phone but this method is not reliable in some cases. But it is a very useful tool when social engineering. Look for things such as their tone of voice, the way they answer the phone, mumbling, stuttering, etc. You can also see how dumb someone is if you tell them that they won a sweepstakes and you want to collect some information about them and they dont hang up on you.
Information Gathering these days is very easy for example if you wanted to find out the phone # your next door neighbor simply log onto the internet and goto portal.cyberarmy.com and you just type in what you know whether it be the phone number, address, or full name. Another method would be by snooping through their mail and trash. The best method (in my opinion) is to run a tap on their line. This way you can use what you heard to make a better cross-analyzation and you might gain some valuable information such as usernames and passwords, (which could doubtfully be obtained by social engineering or you wouldnt be reading this)and maybe you'll even be able to get some dirt on them. Another method would be to get the old binoculars and watch as they enter passwords for e-mail on their computer or as they chat with people. Another method I have used in the passed is hacking their voice mail box or answering machine. Now if you do all of this you will have a shit load of information on them. Now to get to the engineering.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.