Chapter 6. "Can You Help Me?"

You've seen how social engineers trick people by offering to help. Another favorite approach turns the tables: The social engineer manipulates by pretending he needs the other person to help him. We can all sympathize with people in a tight spot, and the approach proves effective over and over again in allowing a social engineer to reach his goal.


A story in Chapter 3 showed how an attacker can talk a victim into revealing his employee number. This one uses a different approach for achieving the same result, and then shows how the attacker can make use of that information.

Keeping Up with the Joneses

In Silicon Valley there is a certain global company that shall be nameless. The scattered sales offices and other field installations around the world are all connected to that company's headquarters over a WAN, a wide area network. The intruder, a smart, feisty guy named Brian Atterby, knew it was almost always easier to break into a network at one of the remote sites, where security is practically guaranteed to be more lax than at headquarters.

The intruder phoned the Chicago office and asked to speak with Mr. Jones. The receptionist asked if he knew Mr. Jones's first name; he answered, "I had it here, I'm looking for it. How many Joneses do you have?" She said, "Three. Which department would he be in?"

He said, "If you read me the names, maybe I'll recognize it." So she did: "Barry, Joseph, and Gordon."

"Joe. I'm pretty sure that was it," ...

Get The Art of Deception: Controlling the Human Element of Security now with O’Reilly online learning.