Social Engineering and Pretexts

by Poacher

I worked for a while as a store detective and the man that hired me gave me a piece of advice: "Son, this could be the dullest, most-depressing job you will ever have in your life.  Ten hours walking around a store will make you quit in two days.  But this job is what you make of it.  If you get creative it can be the most fun you'll ever have."

He was right on both counts.  My first two days were Hell on Earth.  Then at the end of the second day I sat down and decided that rather than give up I would figure out a way to be good at it.  Two years later when I eventually quit over a dispute over wages, I was loving every second of the job.

I took that same attitude with me when I started out working as a private detective.  To some people, spending 18 hours at a stretch sitting in a car desperate to take a leak may not sound fun.  But it was the challenge, the seeking for hidden knowledge.  Spending a week following someone's every movement and at the end of it they don't even know you exist, yet you knew everything about them.

Sounds familiar?  It's the "hacker high" that feeling you get from acquiring knowledge that they don't want you to have and getting it without them ever knowing.

Anyway, back to the topic in hand...

As a private eye I was good at the covert surveillance stuff.  Sitting in cars and following people eventually became second nature.  But early on I started meeting guys who never needed to do that.  They could knock on a door and get the information in five minutes that I could spend a week of sitting in a car to get.  In short, I was jealous.

This was something that I just couldn't do.  I had spent my entire short career striving to stay in the shadows and the idea of actually knocking on the door and speaking to our subject freaked me out.

Then during one long job in the North, I happened to be browsing through a bookshop and came across a copy of Kevin Mitnick's The Art of Deception.  I devoured that book then read it again immediately.  My respect goes to Kevin for what is an excellent book.

However, nothing changed.  I still couldn't knock on doors.  But the seeds had been sown.

Social engineering is a very personal skill.  I believe anybody can do it.  In fact I know now that anyone can because we're all doing it all the time.  It's done unconsciously a lot of the time and deliberately some of the time.  Every time we negotiate a lift in a friend's car or try to minimize the damage from forgetting a birthday we are using social engineering.

Realizing this changed things for me.  I reasoned that I had to find methods that fitted my personality.  There would be no point in my pretending to be an extroverted character if I wasn't one deep down.  I would just be creating another opportunity to get caught out.

Working as a private detective in England is, I suspect, a lot different from doing the same job in many states of the U.S.  We have no license, no ID, no authority, no weapons, and, most importantly, no access (legally anyway) to a lot of sources of information.  For example, we have no reverse phone directory, no access to criminal records, and what information is public is often locally based and so very difficult to find.  So in order to earn our dinner we have to be very creative.

One vital skill is being able to find out who is staying at an address or who has stayed there.  I tried many approaches over the years until I hit upon a method that worked for me.

I analyzed my interactions with people and realized that with the right pretext, people would tell you anything.  I decided to play upon two fundamental human motivators: the desire to be helpful and the fear of something unpleasant happening.  If one wouldn't get them the other one would.

In conjunction with that, the pretext I used would have to be one that I was comfortable with and could be believable in.

The first thing I did was go to a business card machine in a shopping center and make up a few cards with a false name, proclaiming I was a field representative of a finance company.  Then I started dressing for work.  Rather than wearing what was comfortable I would wear a jacket and tie.

Now if I had to go to an address and find out if, for example, John Doe was living there and if he wasn't, find out where he now was and not alert anyone that a PI was looking for Mr. Doe, what I would do is arm myself with my business cards (later I would add a fake ID), a clipboard, or a document case with a few random printouts, and knock on the door.  Then I would pick a name at random.

Resident:  "Hello."
Me:  "Hi, can I speak to Alfred James."
Resident:  "I think you've got the wrong house."
Me:  (frowning and scratching my head)  "This is 221b Baker Street?"
Resident:  (now looking confused)  "Yes it is."
Me:  "O.K., ah, you see I'm Harry Belmont from Axis Credit.  What happens is if someone applies for a large loan, sometimes we send people out to check the address exists.  So you're sure there's no one called Alfred James staying here?"
Resident:  (looking alarmed)  "No, I've never heard of anyone called that."
Me:  "I see, I think someone's given us a false address then.  Look don't worry, a few minutes of our time and we can straighten this out and I can get your address removed from our system and you can forget about this.  O.K., I'll need a few details..."

And that's it.

From that point on, the resident will give me almost any information I could possibly want to ask for and as a bonus at the end they'll be thanking me.

So far I've found this method to work for me almost 100 percent of the time.  But it's not foolproof and its suitability depends upon what information you re trying to obtain.  Nevertheless for a quick cold call at a door it's a pretty good method of getting information that a resident would not otherwise give a stranger.

The golden rules of using a pretext as I see them:

1.)  Choose one you are comfortable with.  This will make you believable.  Don't pretend to be a telephone engineer if you know nothing about the business.  Don't turn up dressed like a bin man while pretending to be a businessman.

2.)  Tailor your pretext to the information you want to obtain.

3.)  Utilize the social motivators like the desire to help or fear of the unknown.  People will often volunteer all the information you need.

4.)  Be confident.

I found that with each success my confidence grew and as that happened I found I could push the limits and try for more each time.  But start small.  There's always another way to obtain information, but if you make someone suspicious your job will get exponentially harder.

My work kit now includes a few rudimentary props that have proved worth the space they take up in my car.  A hard hat and a reflective vest are often all that you need to walk confidently onto a construction site or even into an office building.  Carry a small case and some technical looking tools as well and no one will question if they see you poking around computers or telecom equipment.  A modest amount of money and half an hour at a business card printing machine can equip you with a range of cards in various names to cover most scenarios.

Even my Thermos proved a useful prop.

On one job I had to access a very large, very well secured private housing estate.  During my surveillance of the entrance I noticed lots of gardeners' trucks arriving in the mornings to tend the grounds of the idle rich.  Quickly improvising with what I had I took my shirt off and tied it round my waist, picked up my Thermos, and strolled round the grounds like I was a gardener on his break.  If anyone had stopped me I had a story ready that I had missed my pickup that morning and was trying to find my boss and the work van.  As it turned out, despite more CCTV than I could count and uniformed guards at every gate, I managed to stroll around the estate at will for two days.

People are easier to fool than computers and "hacking" a person can be a lot more fun.  All you need is a little imagination and ability to think on your feet.  Start out by spending a little time each day just observing people and their interactions.  Often the very people employed to stop you getting in somewhere can be the most helpful.

Think security guard.  They are most often bored and underpaid and all too willing to talk to someone if offered the right pretext.  Making friends with the security is more useful than a set of keys.

I hope this inspires people to go out and pay a little more attention to their interactions with others.

Have fun doing it and always remember to treat everyone with respect.