A Primer

It’s a challenging time to be in the recruiting game.  It has become nearly impossible to connect with top-tier candidates. People no longer answer their phones and will rarely take the time to listen to a voicemail from an unknown number.  It’s easy to ignore unsolicited emails and no one wants to be called at their job by a recruiter. To connect with these folks we need to do something different.  We need to go tribal. We need to connect and interact with our target audience in the places and mediums where they interact with each other; we need to join their tribes.  Gaining access to those tribes can be done very efficiently by utilizing the techniques espoused by social engineering.

What is Social Engineering?

That is a good question and it has been answered in many different ways.

There are a growing number of books and online resources that can help you get an understanding of the entirety of the field but for our purposes, I am going to rely heavily on one source, a book written by Christopher Hadnagy, titled Unmasking the Social Engineer. There he defines social engineering as “any act that influences someone to take an action that may or may not be in his or her best interest.” That seems a little ominous, right?  The good news is that since our focus is on those attributes of Social Engineering that are relevant to recruitment we can rewrite the definition to read any act that influences someone to take an action that is in his or her best interest. I am not going to address the dark side of social engineering here because as recruiters we should always be looking to ensure that any action that we influence is in the best interest of all parties we are dealing with.

For a Recruiter to be successful in this economy, especially if he or she is going to work in the IT space, they need to become a member of the tribe.  Christopher Hadnagy describes a tribe as anything that causes people to join groups.  These can be based around a workplace, a technology stack, beliefs (open source), but even things like clothing and music. Social Engineering is largely based on information gathering. Because we don’t have the time or luxury of face to face interactions most of the information that we are gathering is online.  We gather this information in order to know what groups to join and to contribute in order to gain access to and become a trusted member of the tribe.

Pretexting

Anyone that has a social media profile is already familiar with this concept.  In the way that your Facebook profile is different to your LinkedIn profile.  Our pretext is the online persona that we create to interact with different groups.  To be successful as a Social Engineer you must become something of an actor learning the way your target audience communicates and gaining familiarity with the subject matter knowledge that they possess in order to make your pretext believable.

Elicitation

Hadnagy describes Elicitation as the art the art of getting information without asking direct questions.  Elicitation is basically the art of conversation. It’s rapport building, talking to your target about their life, family, and job, getting that person to like you enough to have them volunteer information.

In this quick overview, I very briefly covered two important tools for the Social Engineer. In addition to pretexting and elicitation, there are many other tools and techniques that I intend to cover in more detail in future posts. These are tools to assist you in gathering information and what you need to remember is that “no information is useless.”

Even the smallest nugget of information can become an integral part of a successful engagement.