Chapter 4. Building Trust

Some of these stories might lead you to think that I believe everyone in business is a complete idiot, ready, even eager, to give away every secret in his or her possession. The social engineer knows that isn't true. Why are social engineering attacks so successful? It isn't because people are stupid or lack common sense. But we, as human beings, are all vulnerable to being deceived because people can misplace their trust if manipulated in certain ways.

The social engineer anticipates suspicion and resistance, and he's always prepared to turn distrust into trust. A good social engineer plans his attack like a chess game, anticipating the questions his target might ask so he can be ready with the proper answers.

One of his common techniques involves building a sense of trust on the part of his victim. How does a con man make you trust him? Trust me, he can.


The more a social engineer can make his contact seem like business as usual, the more he allays suspicion. When people don't have a reason to be suspicious, it's easy for a social engineer to gain their trust.

Once he's got your trust, the drawbridge is lowered and the castle door thrown open so he can enter and take whatever information he wants.


You may notice I refer to social engineers, phone phreaks, and con-game operators as "he" through most of these stories. This is not chauvinism; it simply reflects the truth that most practitioners in these fields are male. But though ...

Get The Art of Deception: Controlling the Human Element of Security now with O’Reilly online learning.
