Thursday 1 December 2011

Might Report Your Call To A Security Manager

The trained user will know immediately when you're trying social engineering. She can then go off and tell others about your attempted pilfering of passwords. Those "others" include co-workers, bosses, computer managers, the person you tried to emulate, guards, or security officers. None of this will help you get in later on, even if it doesn't immediately get you caught or hurt your chances of penetration. Discovery is certainly not on your list of birthday wishes.

On the other hand, reverse SEing is sure to make you a friend on the inside. When you help people overcome obstacles, they will happily spread the word of your courteous, efficient manner of help to others - thus spawning more calls and more passwords.

The preceding explanations were motivated by three goals. I want you to comprehend the reasons why even such a powerful force as classic social engineering will fail on occasion, and how reverse social engineering can eliminate those failings. Yet my main concern is this: Social engineering cannot remain as a mainstay of the modern hacker's bag of tricks without word getting out to ordinary computer users. Ordinary users are becoming increasingly aware of the need for discretion when it comes to such intimate topics as passwords and computer security. Ordinary users are reading more in the mainstream press about how we hackers break into systems. They are attending computer security lectures given by their companies, their community colleges, and their local law enforcement branches. The systems themselves contain warnings not to reveal anything to anyone; their employers tell them that, their conscience tells them that. I - yes, even I - tell them that some vile people are out there trying to rifle through their computer files.

I doubt strongly there will ever come a time when all computer users know enough not to blab. Perhaps in a few years, businesses will have output from their telephones on a time delay, and have them hooked up to voice monitors. Then, if a naughty word is spoken, it can be detected and eradicated before the electrons that compose it leave the confines of the building's wiring.

Even if such a thing does become commonplace, or even if 95% of the computer-using public decide not to be bullshitted any longer by social engineers, there will still be those five percent, the hundreds of other new and old hacking methods, and there will still be Reverse Social Engineering to get the hacker through his day.