Home

Published

- 7 min read

Social Engineering - Emotion-First Strategy, Hooking, and Exchanged Context

redteam social engineering
img of Social Engineering - Emotion-First Strategy, Hooking, and Exchanged Context

Disclaimer

Warning: In this article, both Optimistic Outlook and Reward honesty are advanced interrogation techniques. These and other Social Engineering techniques are very effective, but should be used with caution and not in everyday situations. They have the potential to get a wrongful confession or false information, without the victim realizing.

We really mean it - we teach Hacking without batting an eye, but using these techniques can go very wrong.

Social Engineering techniques are ment to be used only in a responsible manner and only in professional scenarios - they’re not a game and not ment to be used on people around you, on the internet, without consent or outside a Redteam / Pentesting context. Further more, don’t use them on people with mental illness or other, vulnerable groups!

Talking to the Person’s Emotion

The most effective approach in my experience. People make decisions based on emotions, even when they think, their decision would be based on facts and logic. It’s not about asking directly, “How do you feel right now?” but about continuously calming a person, assuring them that nothing bad will happen, making it clear you don’t judge or hate them.

During a training session, I applied the emotion-first technique and was able to uncover the information I needed within just a few sentences, without any prior preparation from either side. This technique left the subject completely oblivious to my true intentions.

Abuse by Scammers

Especially focusing on negative emotion, like health issues, guilt, financial problems, but also positive emotions, like making a person “fall in love”, is widely used by everyday scammers in all categories. Most untrained people fall for it.

Use by Hunters

We’ve seen Hunters like Alex Rosen utilize these techniques with a high succes rate.

Optimistic Outlook - Be Reassuring

In case of a criminal investigation: Let them know what they do or did is understandable.

Focus on potential positive aspects of the topic and the situation. Show understanding for good intentions that may have led to the situation at hand. Pronounce that the person may have been confronted with difficult choices and had no other option than to choose the lesser of two evils.

For example, in a Police interview of a suspect for a murder case, the interviewer would focus on circumstances of self-defense and emphasize the point, he clearly doesn’t see the suspect as a bad person. Really focus on the outlook by saying things like “it’s not the end of the world, you’ll get through this and we try to help you”.

Don’t punish the truth - Emphasise the positivity of truth and facts - Reward honesty

In 21st century pedagogy it’s defacto standard that we teach kids from early on: The truth won’t be punished. If Junior did something wrong but openly admited to it, you should never punish him for doing so, or you likely won’t get much openess in the future.

In thruth-seeking situations, pronounce often, that the truth is not only the most important thing right now, but also that you have been truthfull the entire conversation, and therefor can expect honesty in return. Remind the other person on mutual respect and that dishonesty equals disrespect.

Rephrase the previous according to the target audience. While street smarts may react better to terms like respect and honesty, religous people will hook in on the truth topic from a more metaphysical perspective and academic people probably react best to the term transparency.

Pronounce where you’re coming from, that you’re not playing games, don’t want to beat around the bush but instead are purely interested in facts. Try to disconnect emotion from the facts for both yourself as well as the other party.

Reward honesty by thanking the other party for being truthful to further encourage them.

Note: The previous was meant as psychological background knowledge - all adults were young at some point and received education as well as social norms. Social Engineering techniques are in no way meant as educational or pedagogical instrument, they’re a highly effective, offensive tool.

The Labeling Effect - “I Know, You’re Honest”

Telling people what they are can often lead them to embody that trait. This method is incredibly effective. By affirming someone’s honesty, you subtly encourage them to live up to that label.

This can go as far as calling someone an expert for topic X or Y - that person will instantly try to become one.

Women all know this one probably from everyday life situations, using a little bit of flirting in exchange for some work done. It’s well-known to call a neighbour for help and telling the man, that he looks like a great electrical engineer - proceed with caution.

Chris Voss uses Labels and Mirrors as an effective technique you can use on-the-fly.

Note: We highly support gender equality and don’t want to encourage old-school, “gender-typical” behavior. Yet things like this are defacto standard in western societies, we didn’t invent them, just recognized them.

Exchanged Context

Exchanging context involves steering the conversation towards areas that can indirectly reveal the information you’re after. It’s about asking questions that appear unrelated but are tactically chosen to extfil specific details.

Example

To determine if someone attended a particular event without revealing your interest, you might mention a widely reported incident (e.g. a traffic jam or a unique food truck) that occurred nearby on the same day:
“Did you catch the traffic jam by the stadium last week? Heard it was a nightmare because of that gourmet taco truck breaking down.”

If they respond with knowledge about the incident or the event, you’ve subtly confirmed their attendance without a direct question, hiding your agenda completely.

Depending on your Operational Security settings, how much you care about hiding your true intentions, you may follow up on a positive response, with a more direct question:
“Oh you were there? Did you take a photo?”

Make sure though, you don’t show your real emotion, especially after the direct response. You may be excited now - don’t telegraph it.

Further assuming a scenario, where this follow-up response gets your spider instincts on high alert, this person was at the stadium and close to the food truck, which makes them a likely suspect for crime commited there (taco theft): It’s crucial to respond careless now:
“You took a photo, cool, cool. May I see? Yeah well, not that interesting. No no, you don’t need to send it to me, I only had heard about it from my mom, she was also there and asked me about it.”

Credits: We were introduced to this technique personally from an experienced colleague in the field, confidential shout-out and thanks!

Conclusion

Incorporating psychology, science and intgerrogation based techniques into social engineering not only enriches the approach but also enhances its effectiveness. Understanding human behavior and applying these insights can significantly improve your ability to navigate social interactions and achieve your objectives. Whether it’s through emotion-first strategies, the art of hooking, or the nuanced exchange of context, the key lies in the subtle manipulation of conversation to uncover truths without ever revealing your intentions.

General Disclaimer on Social Engineering

With all our articles about Psychological Manipulation we aim to help victims of such tactics. These days, Bad Actors use these techniques and tactics, outside of a legal context like Redteaming or Pentesting, for their own purposes. Thereby attackers are often crossing ethical borders, for reasons like Fraud, Blackmailing or just to put people under pressure, leaving their victims without resolution.

We provide detailed analysis of these techniques in hopes to create awareness, to help people understand what maybe has happened to them and to protect them against Social Engineering attacks.