Unmasking the Social Engineer
eBook - ePub

Unmasking the Social Engineer

The Human Element of Security

  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

Unmasking the Social Engineer

The Human Element of Security

Book details
Book preview
Table of contents
Citations

About This Book

Learn to identify the social engineer by non-verbal behavior

Unmasking the Social Engineer: The Human Element of Security focuses on combining the science of understanding non-verbal communications with the knowledge of how social engineers, scam artists and con men use these skills to build feelings of trust and rapport in their targets. The author helps readers understand how to identify and detect social engineers and scammers by analyzing their non-verbal behavior. Unmasking the Social Engineer shows how attacks work, explains nonverbal communications, and demonstrates with visuals the connection of non-verbal behavior to social engineering and scamming.

  • Clearly combines both the practical and technical aspects of social engineering security
  • Reveals the various dirty tricks that scammers use
  • Pinpoints what to look for on the nonverbal side to detect the social engineer

Sharing proven scientific methodology for reading, understanding, and deciphering non-verbal communications, Unmasking the Social Engineer arms readers with the knowledge needed to help protect their organizations.

Frequently asked questions

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes, you can access Unmasking the Social Engineer by Christopher Hadnagy, Paul F. Kelly in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Wiley
Year
2014
ISBN
9781118899564
Edition
1
Topic
Computer Science
Subtopic
Cyber Security
Index
Computer Science

Part I

Building the Foundation

Chapter 1

What Is Nonverbal Communication?

Emotion always has its roots in the unconscious and manifests itself in the body.
—Irene Claremont de Castillejo
My first book, Social Engineering: The Art of Human Hacking, touched on the subject of communication modeling. I talked about how important it is to develop and understand the model around which you and others communicate.
Communication modeling is understanding the methods used to give and receive information. For instance, if you are communicating through email the sender (you) has to transmit emotion, intention, and message using only words, emoticons, and phrasing. The receiver (recipient) has to decipher this based on their state of mind and the way they interpret your email. In the communications cycle, feedback, in its varied forms, is critical.
If you are communicating in person, on the other hand, the sender has not only the words spoken but the body language, facial expressions, and more to relay the message. This means that a social engineer needs to model their communication style, method, and content based on the manner of communication as well as the receiver.
This chapter focuses on nonverbal communication. Nonverbal communication is a rich and complex topic, so this chapter first identifies what nonverbal communication is before breaking it down into smaller subsets.
To understand nonverbal communication, you must also understand what each one of our senses adds to the way we communicate. That is the crux of this chapter. I will touch on these topics and give an overview of what comprises the whole of nonverbal communications.
For instance, suppose you are giving a speech in front of a large group. As you look into the crowd, you see some people yawning, some using their mobile devices, and some leaning on their hands with their eyelids drooping. What do these actions mean? Without any words, you probably can conclude that you are losing your audience and that they are bored and uninterested.
Why? One simple reason: nonverbal communication. Many studies attach a percentage to how much of what we communicate is nonverbal. Some say that more than 50 percent of communication is nonverbal. In my work with Dr. Ekman, I have learned that it is hard to attach a real percentage to this phenomenon because it changes according to the type of communication, its purpose, toward whom it is directed, and many other factors. However, everyone agrees that the percentage would be high if a percentage could be attached to it.
Think back to the last time you received a text message or email that you interpreted as being harsh or sarcastic, but later you found out that was not the sender's (transmitter's) intent. Why does this happen? When you are reading a message without the transmitter present, you interject your feelings and present emotional state into the message.
I remember one hectic day when my brain was going in 50 directions and I was stressed out. Someone sent me a message that said something like “I tried calling you a few times. If you decide to actually work today, give me a call.” I was seeing red. How dare he accuse me of being lazy! Doesn't he know how much I've done today? I've probably accomplished more today than he has in the last three weeks! I'll give him a piece of my mind!
I wrote a long email, chewing him out. But as I reread it, I began to hear in my head how angry I sounded. I thought about who had sent the email and how we always joked around. I was stressed and under pressure and had put my emotional state on the sender of the email. Emails lack voice tone, facial expressions, and body language to help us get the message the sender is trying to send.
If I had been sitting in front of that person, I would have seen his smile and jovial nature. These would have quickly quelled any misimpression that he had negative thoughts about my work ethic or time-management skills.
Nonverbals are such an important part of how we communicate that some people have devoted their life's work to understanding them. This book delves into the research from these people, such as Dr. Ekman, analyzing the research to understand how it applies to social engineers.
Dr. Joseph J. Campos, head of the University of California Berkeley's Institute of Human Development, along with Drs. Anderson, Witherington, Uchiyama, and Barbu-Roth, performed a “visual cliff” experiment to demonstrate the importance of nonverbal communication.1 An infant who was old enough to crawl but not old enough to speak was placed at the end of a table with a Plexiglas top and a checkerboard pattern underneath. It looked to the baby as though, halfway across, the tabletop dropped off steeply, like a tall step down, but this was an optical illusion.
At the far end, past the “dangerous cliff,” was a toy. Over the edge of the table, near the toy, the baby could see the face of his or her mother. The mother was instructed to use no words, only facial expressions, to encourage her baby to come to her. When the baby arrived at the “cliff,” the mother was to show a macroexpression—a very long facial expression—of either happiness or fear. If the mother was happy, she displayed a smile that produced wrinkles on the outer sides of each eye (what Dr. Ekman describes as a “sincere smile”) and told the baby everything was okay, as shown in Figure 1-1. If the mother showed fear, she would pull back her lips horizontally/laterally and open her eyes wide, as shown in Figure 1-2.
Figure 1-1 How would the baby feel at seeing this expression on his mother?
image
Figure 1-2 How would the baby feel at seeing this expression on his mother?
image
When the mother showed signs of happiness, the baby was more likely not to notice the visual cliff and to crawl straight across to his or her mother. If the mother showed signs of fear, the baby displayed caution. One baby even shook his head when thinking about crossing the cliff.
This and similar experiments prove how important it is to understand the depth, seriousness, and impact that nonverbal communication has on the people we communicate with. Taking this a step further, we see how important it is to understand how professional social engineers can use nonverbals. Using this experiment as an example, if a social engineer's face shows fear when approaching a target, it will create feelings of fear in the target and cause them to wonder what is going on. If, on the other hand, the social engineer shows happiness, it is easier to develop rapport and achieve the desired goal.
So far I have classified all nonverbal communication into one large group, but this type of communication has many aspects.

The Different Aspects of Nonverbal Communication

Nonverbal communication can be broken into different aspects. Numerous researchers have spent thousands of hours dividing it into many categories. This section discusses some of the aspects I feel can really help you understand nonverbal communication.
In particular, this section discusses seven aspects of nonverbal communication: kinesics, proxemics, touch, eye contact, olfactics, adornment, and facial expressions. The following sections briefly describe each.

Kinesics

Kinesics is defined as “a systematic study of the relationship between nonlinguistic body motions (as blushes, shrugs, or eye movement) and communication.”
In essence, this term describes body language and how our bodies can give away the emotion we are feeling. Dr. Ekman wrote a paper in 1975 called “Communicative Body Movements” that focused on the work of Dr. David Efron from the 1940s. It discussed four areas of kinesics: emblems, illustrators, manipulators, and one I call RSVP. I will briefly describe these here and then explain in much more detail in Chapter 3.

Emblems

An emblem is a nonverbal movement that often involves the hands. Emblems have some very distinct aspects.
Imagine this scenario: From across the room, your friend notices you look a little pale, and she mouths, “Are you okay?” What gesture or gestures does she use—a thumbs-up with a shrug? How do you respond? Maybe you rub your stomach and give a thumbs-down motion. What are you saying? Your stomach is upset. You just had a small conversation with few or no words, using emblems.
Also, ponder the second aspect. If your conversation had taken place in the Middle East, you might not have used a thumbs-up emblem, because it has a completely different meaning in that part of the world. The emblems shown in Figures 1-3 and 1-4 change meaning depending on where they are used.
Figure 1-3 “Everything is okay,” or a derogatory statement?
image
Figure 1-4 Depending on where in the world you make this gesture, it could be benign or offensive.
image
Very much like the words you use, which you are aware of, we are aware of the emblems we use when we are speaking, because they are deliberate. And just as “slips of the tongue” can occur, emblem slips can happen in conversation.
Think about some of the emblems you have seen and what they mean.
In the US, the emblem shown in Figure 1-3 communicates that everything is good, but in the Middle East, parts of Africa, and other lands, it's an offensive gesture.
I will dive deeper into this topic in Chapter 3 because as a social engineer, you should understand emblems and their meanings depending on the country, culture, or people you are trying to influence. Using the wrong emblem at the wrong time can quickly change your communication from something influential to something insulting.

Illustrators

In 1972, Dr. Ekman wrote a paper called “Hand Movements.”2 It defined illustrators as “those acts which are intimately related on a moment-to-moment basis with speech, with phrasing, content, voice contours, loudness, etc.” (p. 358)
In other words, illustrators are gestures that usually augment what is being said. They are somewhat similar to emblems, although illustrators usually are used peripherally and without awareness.
When someone says “Aha!” or yells “Wait!,” what illustrator do you imagine being used? Or when someone says, “I headed north of the mountain and then drove on a really winding road for about three hours,” what illustrators do you imagine being used? You probably can picture how those conversations would go. You have seen and used illustrators many times.

Manipulators

A manipulator is any movement that involves a manipulation or grooming of a body part or article of clothing due to nervousness or discomfort or as a link to relaxation and comfort. Examples include playing with your ring or cuffs, rubbing your hands together, adjusting your buttons or shirt, and fixing your hair.
Dr. Ekman's work made one thing very clear, and I reiterate this point often: These and other cues are not automatic signs of deception. They may indicate that the person is uncomfortable with the situation, the other person, the questions, or the environment, and they may be linked to deception. But this doesn't mean that if...

Table of contents

  1. Cover
  2. Foreword
  3. Acknowledgments and Preface
  4. Introduction
  5. Part I: Building the Foundation
  6. Part II: Decoding the Language of the Body
  7. Part III: Deciphering the Science
  8. Part IV: Putting It All Together
  9. WILEY END USER LICENSE AGREEMENT