Tuesday 29 November 2011

Hacker As Helper

This type of role playing is like reverse social engineering without the sabotage (see next chapter). Here you pretend that something has gone wrong with a place's computers, and you are the technician who is calling to fix it.

Let's say you want to break into the computers at the mayor's office. You call up his secretary, and you say something like this:
"Hello, this is Jake McConnel from Computers. We were wondering, have you been having any problems with the computer system?"
Of course she's been having some sort of problem with it - there's always some problem with computers!
The secretary answers: "Why yes! First this was happening, then blah blah blah..."
You say, "Yes! That's exactly it! That wasn't your fault - there's something wrong with the computers, and we're having trouble fixing it. When you first turn on the computer, what do you type in to get it started? One of the other guys here was screwing things around last night and we think that has something to do with it."
The secretary will not be suspicious; after all, you've identified yourself. Even if you hadn't, what harm could possibly come from telling someone a password over the phone? You see, the secretary, or any other underpaid, over-worked, menial user of the system, is a very weak link in the chain of security. The secretary doesn't understand computers and doesn't want to. All she knows is something's going wrong and you're going to fix it for her. This is a very effective ploy.