Social Engineering

Article from Cédric Duchesne (03/08/2013)

ASEAN Business Group - Facebook

Social engineering: these two words together arouse people's curiosity, especially among marketing officers! What does it consist of? How is it used, and to what end? What should be avoided? Here is a quick summary...

What does it consist of?

Social engineering is the application of social analysis to "control" the masses through some (mostly fake) leads. Magicians, politically engaged journalists and politicians have used the basics for many years. In marketing, on the Internet and on social media, we see several recurring phenomena emerging.

How to use it / to what end?

1st case: I'm a hacker and I would like to install some kind of malware on your computer. Using social engineering, I can play on your fears; let's take the fear of "viruses"! "ALERT, ALERT, this website includes an automatic and free scan of your computer and found 1,000 viruses on your computer in less than 10 seconds (the time it took the page to load). If you want to clear this threat, please download our best software, called "Windows-Antivirus-Firewall-BestOfTheWorld-2014", the latest generation of antivirus..." But, once it is installed, you have to pay, by PayPal or Bitcoin only... Strange...

2nd case: everybody hates direct marketing advertising: it is boring, always done the same way, always the same idea... First reflex: create a buzz with something special (soft social engineering). In Bangkok, for example, a few months ago you could see some Porsche taxis provided in secret by Samsung... Everybody was attracted, took videos, published them and created a natural buzz... But it is still indirect marketing...

3rd case: for direct/fake marketing, I will create a fake story and push people from the inside, posing as a happy user and trying to play on the possible notoriety of my "fake" user. My scenario is ready: I attack! "Hey guys, I have a big, big problem, I need your help because I'm not sure about my solution... I found this solution a few days ago but I'm not sure... What do you think about it? Can you also try it for me?" Of course, in a community, people will help you! They will check and read carefully and give their opinion, and you just have to follow them, while steering the discussion back again and again to the product, and finish by choosing the specific solution and giving the best compliments to your first choice! Mission accomplished!

What to avoid?

The previous scenario is really smart and works well if you have a credible profile with a high-level job, such as a Project Manager in a worldwide company... But you have to be careful not to betray yourself, and you must know WELL the real constraints of this fake job!

For example, avoid playing at too high a level: the normal process and approvals for using new software take months to be agreed by ICT Managers. Of course, worldwide companies require sophisticated reports and audits of the software... Choosing a solution within 24 hours is impossible, as all outgoing data is fortunately blocked to prevent business espionage.

If you also see that people don't really follow you in some direction, just follow them a little and try to correct course afterwards: in the scenario, YOU request help from people, so listen to them and take your time, even if the followers are not your primary target... Never forget that, if 3 people answer but don't interest you, you have hundreds of people reading who potentially interest you!

Another thing to be careful about: if you begin parallel advertising (in several places at the same time), be careful to stay credible and to adapt your posts to fit the targeted group... Of course, people investigating will easily find that, in one group, you have already implemented your solution and, in another group, you are just beginning to think about the project and still requesting help from them to check the solution for you...

I hope that this quick summary will interest several of you and help enhance your social engineering marketing project, while avoiding being caught by the followers of your lead...

Cédric DUCHESNE - ICT Expert