Wednesday, 30 November 2011

Sample Social Engineering Situations

It's easy to get yourself into awkward situations, especially at the beginning of your social engineering career. You will speak to receptionists and other company insiders who know the lingo, know policies and screen setups, and know how to spot a fake. Whether intentional or not, you will be asked questions to which the answers are not readily apparent, due to the fact you are an impostor. Here are some samples and possible solutions.

RECEPTIONIST: "You're Charles Green? But there is no Mr. Green in our computing department."
YOUR RESPONSE: "I've just been here a few days-"
RECEPTIONIST: "That's funny, I didn't see your picture hanging up on the New Staff bulletin board."
YOUR RESPONSE: "Yes, I know. What's-her-name hasn't had a chance to take my picture yet. Maybe later today."
RECEPTIONIST: "What do you mean, 'What's-HER-name'? Jack's the one who takes staff pictures."
YOUR RESPONSE: "Oh yeah, Jack - right!"
RECEPTIONIST: "I won't be able to help you until I have your staff ID. What is your employee ID number, please?"
YOUR RESPONSE: "Oh, I don't have one. I'm just a temp. I'm filling in for someone who went off to have a baby."
RECEPTIONIST: "Just read the number off your ID badge."
YOUR RESPONSE: "I didn't get my badge yet - there was some mix-up or something. My supervisor said she would give it to me tomorrow, maybe. You know how it is, no one knows what they're doing, and all that..."
RECEPTIONIST: "Who's your boss/supervisor/manager?"
YOUR RESPONSE: "M______. Do you know anything about him/her?"
(You should've done your research, so you should know the answer to this sort of question. If you don't know and it's a large company, or a large building, you can try either answering with a false but common name, or try the old, "Uhm.... Something with an 'S' - Schindler? Schindling? Schiffer? Schifrin?")

Here's a different situation:
RECEPTIONIST: "But I don't have a computer!"
YOUR RESPONSE: "I'm sorry. I must've dialed wrong. Is M______ available?"
(M______ is the name of the receptionist's boss.)

If you can manage to work in some company news or personal tidbits in an unobtrusive way, then do so, if the person you're speaking to seems friendly. This is just another way of gaining credibility points.

YOU: "Sorry, I didn't hear that last thing you said. It's really loud here with that construction they're doing next door."

YOU: "By the way, does M have a kid in the Little League? My son has a friend named

Note that for maximum benefit, credibility questions should be worked in before asking about login procedures.