Wednesday 30 November 2011

In-Person Engineering

Any instance of impersonation is a form of social engineering. The impersonation may be of an individual person (the president of a company who demands to know why his password isn't working) or of a generic person (Gill Technician, calling to ask if any computer problems have come up). The telephone is normally used because it enables a hacker to reach distant businesses without travel, as well as creating a defensive barrier between the hacker and the people he or she calls. If the conversation starts to go sour, a telephone can be hung up; if a face-to-face talk gets out of hand, it could be difficult to get out of the building.

A good rule of thumb when doing in-person social engineering is to always wear a suit - a good suit, one that fits properly. Make yourself look like you just stepped out of a fashion magazine. At the very least, wear a shirt and tie. Females, wear suitable business attire.

Many kinds of SE that work over the phone won't work in person. You can't pretend to have an office, or pretend to have a computer terminal. Because of this, the information you get from bullshitting in person may be minimal or only peripheral. You will probably end up with more background material than immediately useful information. Pretending to be interested in wanting a job at the firm, or going on a tour of the place, or simply squeezing in and wandering around on your own, provide lots of good data on how employees interact among themselves. Hackers and crackers have also impersonated maintenance workers, painters, and other workers to get inside a company. Being a security guard is also a nice ruse.

The prototypical in-person social engineer is the survey taker. You make up a survey, and stand in the lobby of the building with a pen and clipboard, and get people passing by to fill one out for you. The survey asks for name, spouse's name, hobbies, pets and pets' names, and similar info. Then you go home and try all that stuff as passwords. You might want to say there's some prize involved. For example, that completely filled out forms will be entered in a raffle; winners get tickets to a local show, or a free meal at a nearby restaurant. (Hint: Don't ask people to fill out surveys in the morning when they're late getting to work.)