How to think like a con artist (part 2)

In the concluding part of this two-part feature, we explore the dos and don'ts to succeed as a fraudster and make a living from security testing.


This is the second half of a two-part article. You can find the first half here.

Don't: Arouse suspicion by moving too quickly

Gaining the confidence of the target is an essential skill, but zoning in too fast on your social engineering test can set off alarms in the target's head.

It is essential to keep a cool head and pace yourself. After all, many of those whose identity you might assume to pull off your job (a contractor, a hapless corporate user, or a disgruntled employee) do not necessarily go about their own work quickly.

Think of the process as being more like a dance than a race, says Kaminsky, one in which you are leading the victim, guiding his or her path, but avoiding a sudden shove in a particular direction. "Everyone has to perceive that you're doing what you're supposed to be doing," he says.

Don't: Put on an act that's too perfect

Somewhere between truly honest behaviour and the artifice of a ruse, people may begin to intuit that something is not right.

Academics who study human perception have a name for the point at which the mind begins to pay more attention to, for example, the slightly unnatural motion in a computer-generated animation than to the rich, lifelike detail it presents: they call it the Uncanny Valley.

Social engineering experts also refer to the Uncanny Valley: it is the moment in a social engineering attempt when everything looks and works just a bit too perfectly and therefore arouses the target's suspicion.