Friday, October 06, 2006

The MacGyver How-to Guide to Pretexting

Anyone remember Dexter Fillmore? Dexter was MacGyver's favorite alias, a computer geek before it was cool, which he used to infiltrate companies and gain information. That, my friends, is pretexting.

Most pretexting isn't illegal. If you do not claim to be a specific person from a specific company, you're okay. So if you pretend you're a grad student to get info out of a receptionist, you're still okay. Also, provided you're not trying to obtain information from a financial company. This will probably change in the wake of the HP scandal. Unless we all forget about it because of a Congressional sex scandal. But that would never happen.

But, in 1985, none of this was illegal. The Graham Act of 1999 made it so. So Macgyver did not break any laws. Though he did frequently violate the Federal Wiretapping Act. Ends justify the means, eh, Mac?

Okay, so here's my MacGyver How-to Guide to Pretexting. Written by me, a former employee of a private intelligence gathering firm. This stuff works. Amendments and comments welcome.

1. Wear glasses. Even if you're just making a phone call, it'll help you get into character. Unless, you wear glasses, in which case, take them off.

2. Be polite. People respond well to being treated nice. Also, they will think you're Canadian, and therefore harmless.

3. Work fast. Inquire about what you want to know right away, before they have time to wonder who the hell you are.

4. Know your backstory. Otherwise you'll be grasping for an answer, which will make them suspicious. For instance, if you're claiming to be a superspy working for a pseudo-government agency, at least know how to pick a lock with a pocketknife.

5. Target receptionists. Usually, they are bored, willing to talk, and under-appreciated. Even better, their job is to provide information. Most companies completely overlook them when warning their employees about pretexting.

5. Ask your question with authority. Especially if you're talking to a receptionist or secretary. People, especially in entry-level position are reluctant to challenge authority. Think about what happens when an underling challenges Darth Vader.

6. Flirt. Tell them that they have a sexy voice. They'll be distracted by their own feelings of self-worth, and associate those feelings with you, making them even more eager to please you. And honestly, if you're talking to a receptionist, she or he is usually pretty hot.

7. Nurture a good source. After you get the information that you want, ask them about their day, the plot of Lost, etc. Anything to get trust to connect you as a person.

8. If challenged, don't hang-up. They aren't the FBI, they aren't tracing your call. Say "if, you're not comfortable giving me this information, can you connect me to someone who can. Sound angry. While they are connecting you to someone else, figure out what triggered their suspicion and try to do better with the next person. And ask for the person's direct extension, this will give a hint of the company's dialing scheme, and you'll be able to make random calls. Particularly effective at large companies.

9. Always say thank you. Yes, this is a repeat of number 2, but in the excitement of getting the information you need, you may forget. Remember, we're in a civil society, please act accordingly.


Post a Comment

<< Home