Social engineering and mind games expert Brian Brushwood has not come by his knowledge in the traditional manner of school or business training. Brushwood is the host of the Internet video series Scam School, a show he describes as dedicated to social engineering in the bar and on the street.
In addition to his passion for teaching people about social engineering cons, Brushwood is also a touring magician who frequently performs on college campuses and has appeared on the Tonight Show. He first became interested in social engineering years ago as a means to enhance his performance and pull off secret moves successfully. Brushwood said his understanding and use of the term social engineering goes beyond the security industry perception.
"When I use the phrase, I am actually talking about an older version of it. Social engineering just basically means the application of social science to the solution of social problems," he said. "In other words, it's getting people to do what you want by using certain sociological principles."
These days, Brushwood uses social engineering techniques so frequently he admits it is sometime hard to "turn it off." Here Brushwood explains the four basic psychological tactics social engineers use to gain trust and get what they want, and how security pros can arm their staff against this type of deception.
1. Social engineers are confident and in control of the conversation
According to Brushwood, one of the first steps to pulling off something deceptive is to act confident. For example, someone trying to get into a secure building might forge a badge or pretend to be from a service company. The key to getting in without being challenged is to simply act like you belong there and that you have nothing to hide. Conveying confidence with body posture puts others at ease.
"People running concert security often aren't even looking for badges," said Brushwood. "They are looking for posture. They can always tell who is a fan trying to sneak back and catch a glimpse of the star and who is working the event because they seem like they belong there." (See how this tactic played into another scammer's attempt to get into the Super Bowl for a massive prank.)
Another way to gain the upper hand is to seem in charge through conversation, said Brushwood.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.