Social Engineering


The Art of Social Engineering.
Understanding it and using it in your investigations.
www.johnpizzuro.com
Social engineering is the art of manipulating people so
they give up confidential information.

It is the ability to manipulate people into certain actions
for a person’s benefit.

It is the ability to get people to take an action that they
would not ordinarily take.

It's more than getting people to unwittingly provide personal
information and create back doors for cyber security risks.

We can use it for investigations.


Especially proactive
investigations involving people
and information.
Phishing
An email to trick the target into revealing sensitive information or taking an action
that then compromises security.

Spear phishing
Spear phishing is a more targeted form of phishing. Where ordinary phishing emails are
usually sent to thousands, spear phishing emails are much more tailored to a specific
person or business.

Baiting
Baiting differs from phishing by trying to entice the target with an offer or exploit
their curiosity. A common form of baiting is to offer free music downloads (or other
forms of media). The aim is to get the target to click on the link and enter their login
details.
Vishing
Social engineering doesn't have to happen on the internet. Vishing is a form of
social engineering carried out over the phone.

Tailgating
Tailgating is another form of offline social engineering. Simply put, this type of
attack is a person without authorization following an employee into a restricted
area.

Pretexting
Pretexting relies on forming a false sense of trust with the victim. The attacker
creates a believable pretext or scenario in which to trick the target into giving
them information or even direct access to their systems.
Why do education, awareness and proactive campaigns to
explain Social Engineering fail?

Why is there an increase?

Why is it so easy for people to be duped, manipulated, or
unwittingly provide sensitive information time after time?
Emotional processing by the amygdala can occur subconsciously and can be
affected by sensory input.

It happens when your brain reacts to psychological stress as if it's physical
danger. It then triggers a fight-or-flight response. Adrenaline and blood
pressure rise.

We lose the ability to communicate effectively and autopilot is in charge.

When a social engineer triggers a strong emotional response in the target, it
can reduce a person’s ability to think logically. In proactive investigations it
causes suspects to make mistakes, which is to do and say things that they
normally would not.
NEUROCHEMISTRY

Four primary neurochemicals, endorphins, dopamine, serotonin and oxytocin
(all essential to normal healthy brain function), contribute to our positive
feelings of happiness, pride, joy, achievement and fulfillment.
DOPAMINE

A neurotransmitter controls communication to the brain.

• DOPAMINE - is a neurotransmitter that helps control the brain's reward and pleasure
centers

• More dopamine is also associated with greater competitiveness, aggression,
and impulse control

• Therefore high amounts of dopamine can cause euphoria, aggression and intense
sexual feelings.
SEX RELEASES DOPAMINE. EVEN
THINKING ABOUT SEX DOES. IT IS THE
ANTICIPATION.
IN OTHER WORDS ONCE REWARD IS
LEARNED IT BECOMES LESS ABOUT THE
REWARDS AND MORE ABOUT
THE ANTICIPATION.

PREDATORS????
SEROTONIN

Serotonin helps regulate your mood naturally. When your serotonin levels are normal,
you feel:

• Happier
• Calmer
• More focused
• Less anxious
• More emotionally stable

A 2007 study found that people with depression often have low levels of serotonin.
Serotonin deficiency has also been linked to anxiety and insomnia.
American neuroeconomist Paul J Zak studies the neuroscience of
trust. His early experiments revealed people who felt connected
and trusted each other experienced what he called “virtuous
cycles” of higher oxytocin levels.

In 2001, Zak ran an experiment where he gave people an oxytocin
boost via a nasal spray. He found the oxytocin significantly raised
their motivation to trust people, as well as their desire to be
trusted.
Have you ever been betrayed by someone that you
trusted completely even though every fiber in your body
gave you those warning signs that he or she might not
be trustworthy?

Recent neuroscientific research shows that in many
ways our brains are hardwired to trust others.
What Is the Neuroscience of Trust?

According to a study in the Journal of Neuroscience,
participants were under the illusion that they were
playing an economic investment game with three
different players: a close friend, a stranger, or a
computerized slot machine.

In reality, in every instance the participants were
actually playing against a computer with a simple
algorithm that systematically reciprocated actions
worthy of trust exactly 50 percent of the time.
Based on perceptions of trust, the participants
reported positive interactions with the "close friend" to
be more rewarding than interactions with a stranger or
slot machine—and were more likely to invest with this
player.

This illustrates our innate human desire to connect
with others and create close-knit bonds even if these
ties are based on blind trust or lead to Ponzi schemes.
“Priming is an implicit memory effect in which
exposure to a stimulus influences a response to a later
stimulus.” Let's unpack that. 'Implicit memory effect':
whatever priming is, it is occurring below the surface
of conscious thought.

An example would be the amount of subconscious
information our mind processes.
Priming is a phenomenon in which exposure to a stimulus, such
as a word or image, influences how one responds to a
subsequent, related stimulus.

It is thought to occur when particular mental representations or
associations are activated before a person carries out an action
or task. For example, a person who sees the word doctor will be faster to
recognize the word nurse than he will be to recognize an
unrelated word because the concepts are closely associated.
Some psychologists have argued that priming can have
surprising effects on our behavior: that seeing an image
of money can affect our political views, for instance, or
reading words associated with the elderly can make
people move more slowly.
TECHNOLOGY AND ITS IMPACT ON BEHAVIOR
1. It beckons.

App makers push notifications to get users to engage. That’s why, for instance,
Instagram tells you when someone you follow has posted for the first time in a
while, luring you to open the app and take a look.

2. It takes up mental space.

Even when we’re not looking at our phones, and we’ve made a conscious effort to
ignore them, such as turning off notifications and ringers or powering them off entirely,
they still can distract us.

3. It alters your perception of your options.

4. It reinforces your beliefs.

Simply put, the filter bubble is a phenomenon that occurs with users online. Of
course, this dynamic exists offline, too -- we make friends who have similar interests
and ideologies, for example. This might limit our thinking, but can it influence our
behavior?

5. It collects information about you that can be used to influence you later.

Related to the filter bubble concept, all web and social platform users are familiar with
how targeted advertising works. You Google something, look for a product on Amazon,
put an item in your virtual shopping cart, browse flight booking options -- then, maybe
hours or even weeks later, you see an ad for whatever you were eyeing earlier.
6. It keeps serving up the next thing.

Social media feeds allow users to scroll endlessly, but that’s only one
example of the never-ending waterfall of information that users encounter
online. After watching a video on Netflix, Facebook or another site that hosts
video content, you’ll often see a countdown with a preview of another video
that will autoplay after a few seconds.

7. It shortens your attention span.

“Ten years ago, before the iPad and iPhone were mainstream, the average
person had an attention span of about 12 seconds. Research suggests that
there's been a drop from 12 to eight seconds ... shorter than the attention of the
average goldfish, which is nine seconds.”

8. It can trick you into thinking it's something more.

Humans have the potential to form relationships with artificially intelligent personas.

9. It turns everyday actions into games.

Gamifying certain behaviors is a powerful way to incentivize people to
engage in them. Think of how fitness apps encourage you to set goals,
compare your performance to other users and congratulate you when you hit
milestones. Or, how brands you shop with remind you about the number of
loyalty points you’ve accumulated and entice you with the next reward you’re
eligible to unlock.

This is why Social Engineering is successful today. You can use it to elicit
information and behavior during proactive investigations.
Teen sociality is particularly about affect and responsiveness to
emotional signaling.

Frantic need to belong.

Produces teen vulnerability to peer pressure and emotion.

Pressure is typically “Device Training” increasing violence,
substance abuse, sex, and poor health
2017 UCLA Brain Mapping Study

The same brain circuits that are activated by eating chocolate
and winning money are activated when teenagers see large
numbers of “likes” on their own photos or the photos of peers in
a social network, according to findings from a UCLA study in
which researchers scanned teens’ brains while they used social
media.
In deciding whether to click that they liked a photo, the teenagers were
highly influenced by the number of likes the photo had.

The study showed the exact same photo with a lot of likes to half of the
teens and to the other half with just a few likes.

When they saw a photo with more likes, they were significantly more
likely to like it themselves.

Teens react differently to information when they believe it has been
endorsed by many or few of their peers, even if these peers are strangers.
Technology & Its Impact on Grooming

• Dopamine Dependent Society.

• No Serotonin and Oxytocin.

• Likes, Followers, & Views.

• Social Engineering & Proactive Investigations have
the same effect.
How do we accomplish this when conducting investigations?
What happens? Why are people manipulated?

You are the Expert (or believed to be) - If people perceive you as a competent, authoritative and
trustworthy person, they will do what you ask them to do.

Likability- People inherently want to be liked and charismatic people will have a pull.

Fear - Fear is a very persuasive tool (just look at Covid-19, 9/11 & Superstorm Sandy). Many
politicians use fear to influence people. Manipulation is more likely to happen when the
public doesn’t fully understand the issue or can’t overcome the fear instilled by the politician.
Inoculation is a technique used to make people
immune to persuasion attempts by first exposing
them to small arguments.

Is it believable? Is it conceivable? Does it make
sense? – All this can be introduced in your
investigation.

Storytelling. It is how we learn, how we remember
and in some cases how we define ourselves.
Human behavior is the response of individuals or groups
of humans to internal and external stimuli.

It refers to the array of every physical action and observable
emotion associated with individuals, as well as
the human race.
Unconscious Language Effects
Framing altering decision making.

“Drug has a 95% survival rate”

“Drug has a 5% death rate”

Neuroimaging studies show that more colorful wording engages
the anterior cingulate more.
Game of catch study.

Fear of Missing Out.


It all starts with Trust.

Screen time and smartphone addiction have made it easier.

Use Stress to your advantage.

Rapport, Matching, Mirroring

In order to influence someone you have to know what influences them.

(They will spend time in their world before they get them to their world)

Unwittingly Social Engineers will Pace & Lead.

They are reverse engineers.


What is their model of the world?

What do they value?

What do they need?

What beliefs do they have?

What do they do in order to meet their needs?


HOW DO WE INFLUENCE INFORMANTS/WITNESSES/SUSPECTS?

Find out what they want but are not getting

Find out what they are dissatisfied with and change it

Process of getting people to associate desired feeling or state to you

The secret of how to win friends and influence people is simple.


People are attracted to anyone that makes them feel good!
INFLUENCE IS OFTEN A PROCESS RATHER THAN AN EVENT.

PEOPLE RESPOND BEST TO INFLUENCE TECHNIQUES THEY USE THEMSELVES.

IF YOU LOOK AND LISTEN PEOPLE WILL REVEAL WHAT THEY FIND MOST INFLUENTIAL.

In What Types of Investigations Can I Use This Technique?

Racketeering

Fraud

Bribery

Homicide

Child Exploitation

Money Laundering

Tax Evasion

Narcotics
• You get less than 90 seconds to achieve rapport during a phone call. Therefore, the way
you answer, including the tone of your voice and the choice of words, is crucial.

• Match the energy and type of response you receive from the other person.

• Sound relaxed and willing to offer assistance. Sounding stressed or upset will put your
reputation and competence at risk. People may misconstrue the meaning of your state
and attribute it to the wrong cause.

• Give the person your complete attention. Sit straight or stand up for important calls;
you can even walk around – this improves your voice quality.
Match:
• Voice speed
• Volume
• Breathing
• Content – how friendly and approachable or how business-like and credible
should you be?

You can still tell whether or not rapport has been reached. The signals to listen for are:

• The conversation flows easily
• Each person has space to speak fully
• You succeed in giving or receiving the message
• Few interruptions; no awkwardness
• You conclude the conversation gracefully.
What about Chats or Emails?

Crafting emails, letters, reports and other documents is an art form
that is covered under other topics.

Start by thinking about the individual who is your reader.

Different people and different companies have their own styles,
particularly for email communications.
• Match what works in your situation.
• Match how much content is asked for and expected.
• Match the style and tone where appropriate.
• Match the frequency of communication.
• Match the sensory language.
• Match the mood. However, never write an email when you are angry
or upset, as you may write something you later regret, and your anger
may well be apparent in what you write, making later communication
difficult.
Influence is the business of people.

Be genuinely interested in people.

Be a good listener

Make people feel important

Talk to people in terms of their interests.
Frontal Cortex comes to the rescue with perspective rationalization and emotion regulation.

Theory of Mind
Don’t act like a Cop!

Meaning do the unexpected.

Law Enforcement behave a certain way and use the same
methods.
I have spent the last 22 years pushing the envelope investigatively.

Whether it was Homicide, Organized Crime, Drug Cartels, Terrorism, Fraud, Cyber,
Online Child Exploitation or Trafficking, doing things differently has always worked
for me.

It starts with understanding your adversary and your own capabilities and the
capabilities of others that you can leverage.

Do the Unexpected! Be unorthodox! Be Creative!

I promise you it will work!


QUESTIONS????

WWW.JOHNPIZZURO.COM

WWW.IWELLNESSFOUNDATION.ORG

WWW.LINKEDIN.COM/IN/JOHNPIZZURO/
