Social-Engineering Target Profiling

In a previous blog post I told you about the two approaches for social engineering attacks. The structured approach has the following steps.

  1. The OSINT Process
  2. The target selection
  3. Profiling the target
  4. Target specific OSINT
  5. The attack preparation
  6. The attack execution

Today we dive deeper into target profiling


Before you can start target profiling I would recommend you to think about yourself first. It is important to understand yourself well enough before you start with social engineering since you are the tool you will be using. Technology is just an (amazing) aid.

System 1

We start in the sociology/ social psychology department. We need to understand how we look at the world in big lines and have the ability to make an assessment of others. Before you start with this I do recommend you to read Thinking Fast and Slow by Daniel Kahneman. The reason for this recommended read is that you need to understand that our system 1 has tools like biases and that we can’t turn these off.

DISC Assessment

DISC is a tool developed by William Moulton Marston  to have a behavior assessment tool. It should be noted like with every psychology tool there are pro- and con-arguments.

I personally like it is a tool I can use to assess my own and others behaviors. The complete test can be found online.

These scales look like this:

     D        |     I
     C        |     S       

The test consists of 28 groups of questions that poll for a preference. You will position yourself thus on the horizontal axis or the vertical axis which will result in either a preference for D, I, S or C.

D stands for Dominance, I stands for Influence, S stands for Steadiness and C stands for Conscientiousness.

Who do we use this as a social engineer? Well, when we assess people we try to figure out if they have a preference for active (fast-paced, assertive, dynamic, bold, …) or thoughtful (moderate pace, calm, methodical, careful, …) behavior. This determines if the target is in the upper half or in the lower half.

The second analysis we make is if the target is either questioning (logic-focused, objective, skeptical, challenging, …) or accepting (people-focused, empathizing, receptive, agreeable, …). This determines if the target is D-C or I-C.

Using DISC during an attack

You will have a target one of these combinations {D,C}, {D,I}, {I,S}, {S,C}. By taking the test yourself you know your preferences and by assessing the target you understand the target’s preferences.

The trick is now to understand what you have in common with your target and work with these attributes. To do this you look at behavior like what did the person on his or her desk, what do I see in social media pictures, etc.

Let’s say that the target has an “I” as DISC profile. You will need to take into account that the person has a preference for active and accepting. It means if I am not enthusiastic enough and not people-focused enough, the person will not be interested in me.

I hear you think “how do I know they are into me?” Well we like people that do and act like us. That is why your friends are your friends and you have a certain level of trust in your friends.

Since we want our target to trust us we will thus need to cater to that need and find the common ground and even make a little effort.

In our next blog post we will focusing on OSINT to approach the target person