Preparing Yourself for Face-to-Face Attacks

It’s one thing to send an e-mail to or chat with someone online during a SEA, but it’s quite another to meet face to face with them, or even speak to them on the phone for that matter. When working online, you can make your attempt and then sit back and see if you get a result. When you’re face to face, you never know what the other person is going to say, so you simply must be prepared for anything, including the worst. In order to successfully mount a face-to-face SEA, you must not only look the part you’re playing, but also appear as comfortable as you would if you were having a relaxed conversation with a friend. Ideally you want your attitude to put people at ease. This is easier said than done; walking across a wooden plank is easy when it’s on the ground, but put it 50 feet in the air and suddenly it’s quite difficult—not because the physical actions are any different, but because your mind is now acutely aware of the risk of falling. To your body, it’s the same. In social engineering, you may experience many different emotions, from fear to exhilaration. To achieve your goal, you’re lying to and deceiving people who are probably being nice and even helpful to you. It can be extremely stressful.

If you appear nervous, you will be less convincing. People are more likely to question you when you appear out of place or uncomfortable; it will get you noticed for all the wrong reasons. Maintaining calm while attempting to deceive someone might not come naturally or easily for you depending on your personality and life experience. It can be learned, however. The most useful metric for determining how calm you are is your heart rate. During a face-to-face encounter with your subject or subjects, you will most likely experience an increase in adrenaline. This is due to a natural fight-or-flight response to what your mind perceives as a possible conflict or confrontation. This will elevate your heart rate and make your palms and/or face sweat, which may make you look nervous. Looking nervous is a bad thing for a social engineer who is trying to con- vince someone they belong and that everything is normal.

In order to consciously manage this response, you must start by knowing your resting heart rate. An easy way to determine this is to purchase an inexpensive wrist heart rate monitor such as a Mio Watch. The most accurate way to determine your resting heart rate is to take your pulse when you first wake up but haven’t gotten out of bed. When you’re conversing with a face-to-face target, you’ll want to be within about 20 percent of your resting heart rate to look comfortable. That means if your resting heart rate is 65 beats per minute (bpm), it shouldn’t get over 80 bpm or you’ll start to appear nervous.

You can learn to manage your heart rate using basic relaxation techniques such as meditation, acupressure, and reflexology. Find a technique that works for you, practice it, and use it just prior to executing your SEA. You can also try to retrain or desensitize your instinctive conflict response. Try this exercise: As you walk in public and encounter people, look them directly in the eye and hold eye contact with them until they break it or you move past them. Don’t stare like a psychopath, but try not to smile or look threatening, either; just hold eye contact. Your heart rate will likely elevate in early trials, but over time this will become easier and your body won’t respond as strongly to it. Keep in mind that this type of eye contact is a primal human dominance posture and could elicit an angry response. If confronted, simply and apologetically explain that you thought you knew the person but weren’t sure. Over time you will gain more control over your responses and reactions to conflict. You will be able to remain calm and act naturally when confronting a target or being confronted.

You should also practice any discrete components of your attack plan multiple times prior to execution. The more times you repeat something, the more likely you’ll be comfortable saying it one more time. It’s advisable to have a base script to work from and then deviate as circumstances necessitate. Rehearsing as a team also helps. The more possible deviations you can think of ahead of time, the more relaxed and prepared you’ll be when the time comes for you to meet your target face to face.

In addition to rehearsing what you’ll say, rehearse what you’ll have with you—a computer bag, for instance, or maybe your lunch. Think about how you’ll hold it. A common beginner mistake is to not have something to do with their hands. It seems like something you shouldn’t have to think about, but when you feel self-conscience, you often forget what to do with your hands, and awkward movements can make you look very nervous. If in doubt, make sure you have things to hold, or simply think about where to put your hands in advance. Practice standing with your hands in your desired pose in front of a mirror, find positions that look best for you, and practice them.

Another common nervous response brought on by the fight-or-flight instinct is excess salivation. This can make you swallow nervously while you’re trying to talk but can be easily remedied with chewing gum, a breath mint, or hard candy, any of which will
keep your salivation more or less constant during the stressful part of your encounter with your target.

Mio Heart Monitor