Social Engineering at home.

Being an IT geek I'm well aware of the security implications of Social Engineering. If you're not aware of the term read the previous link, but basically it's all about methods of obtaining information from people via cleverly manipulating known facts about the person convincing them you are someone you're not.

Anyway while it wasn't a case of social engineering in the truest sense I was hit by an interesting social engineering style manipulation last night at home. Shortly after arriving home from work, and while in the middle of furiously getting dressed for training, there came a knock on the front door. Getting up and hopping over while still trying to pull on my sock I see an Indian gentleman with a namebadge, clipboard and a briefcase. Immediately I think "door to door salesman" and mentally prepare to flick him off.

I say "hey mate" and he starts a babble about electricity and gas supplier changes in the Qld market. It's at this point I'm about to cut him off when he says "I'm from insert company name here, I'm in here in response to the letter we sent you". I tell him I didn't receive any letter. He cleverly acts like he is confused and says "Well that's why I'm here" and half moves as if to step inside. I gotta admit he had me for the briefest of seconds. He was so confident and did it so well I almost believed I had messed something up, or that the owner, had sorted something out and I'd missed or forgotten something.

Regardless my preservation techniques kicked in and I moved subtly to stop his almost move inside. He was very good but let himself down by being too confident which immediately convinced me he was just doing a very good job of presenting like he was supposed to be here. He started talking about bill hassles and how "he was here to sort it out".

I told him I was going out and he did the usual "can I come back later?" routine but I told him no. He even managed to look confused and put out as if he was wondering why I wasn't interested in my appointment. Finally he left.

All in all this exchange only lasted like 30 seconds but it was absolutely bizarre. A new technique that immediately made me think of social engineering. Put a bit of info out there and try to bluff your way inside and then obviously do the sell. All in all it was very artfully done but the sheer arrogance of it all eventually tripped enough alarm bells that I didn't fall for it. Not once was there a question raised like "can I interest you in...", or "would you like me to show you...". It was all "I'm here to do this". Nice technique but it makes me wonder how many people will fall for the ploy, I like to think if I almost did then others would too... or maybe he just got me in a weak moment as I was rushing around doing other stuff...