Pre-show work is a common method used by many magicians and mentalists. Pre-show work broadly refers to work prior to the show that would allow the performer to gain or force information, which the performer can use during the show as part of an effect.
Here’s one example. Before the show, the mentalist mingles around with people who are going to see the show. The mentalist approaches Jane and asks her to think of a two digit number. Then as the mentalist looks away, he asks Jane to write down the number on a piece of paper so that she cannot change her mind. The paper is folded up and safely left in Jane’s pocket. The mentalist turns back and guesses “33.” Jane however says that it is wrong. He says, “Nevermind, we’ll try again later. If I call on you later during the show, think of this two digit number.” Secretly though, the mentalist has obtained her two digit number by using an accomplice who peeked at the information from behind while Jane was writing it down. Now during the show, he can call on Jane to think of a two digit number and reveal it. This method is highly deceptive.
Among those who use pre-show work, there are two groups. The first group openly declare their pre-show work. For example, the mentalist may call up Jane during the show and say, “Earlier, before the show, I asked Jane to think of a two digit number. I couldn’t get her number, but now I am going to try again.” Here, the audience now knows what there were things going on before the show which they did not see.
A second group of mentalists never reveals that there was any pre-show work. For example during the show, the mentalist can say the following to Jane: “Now, I want you to think of a two digit number for me. Can I first confirm that I never asked you to think of a specific number? Yes? You made up this number freely right? And this number, now, exists in your mind right?” Jane will say yes to all of this. To the audience, it seems like Jane just thought of a two digit number that only exists in her head. So pre-show work can be hidden from the audience, adding a layer of deception.
There are other kinds of pre-show methods like stalking someone’s Facebook to gain information, or forcing information (eg. asking someone to flip to a page of a gimmicked book and remember the first word on that page which actually repeats on every page). This allows the performer to reveal a lot of information during the show and would seem impossible. The audience cannot back trace this because they have not seen the full process.
Among mentalists, pre-show raises ethical issues, especially when it comes to hiding the fact that pre-show work was done. Ethical issues aside, some mentalists like it and some don’t.
Moral of the story: Now that you have a basic grasp what pre-show is, you know what may be going on whenever a magician or mentalist talks to you before the show. But be nice and don’t go around exposing him/her of course.
Note: Frederick Mentalism: The Singapore Mentalist does NOT use pre-show work.
Social Engineering?: Written By a Mentalist in Singapore (who was an Information Security Scholar)
Mentalists detect lies, use psychological influence and use other information gathering techniques to know what’s on your mind. They use it for your entertainment, to create the illusion of mind reading. No harm there right?
Today however, I want to talk about a group of people who use similar techniques, BUT they are the bad guys. In the world of information security, the term ‘social engineering’ refers to techniques used on people to get them to diverge information, usually about themselves, the company they work for, or even customer information. Often these bad guys use some form of psychological manipulation, exploit human weaknesses and use various information gathering techniques.
In social engineering, the attacker contacts the victim tries to get information. For example, the attacker can pretend to be from DBS and call you regarding a problem with your credit card. He then asks for you to verify your secret PIN code at the back of your card. This of course is a very simplified case. Attackers go to great lengths to make everything look legitimate. Another common scam is when you receive an email or message to click on a link. You go to a page that looks completely legitimate. But if you look closely at the top of your browser, you might see a url like “https://www.faacebook.io”. If it’s not obvious, Facebook is spelt wrongly, and should end with a .com. So this is a fake website, where the attacker lures you in order for you to key in your username and password.
To make things worse, there is reverse social engineering. In social engineering, attackers contact the victim. In reverse social engineering, the victim is the one who contacts the attacker for information instead. Here’s an example. First, an attacker sabotages a system to cause an error (such as using a virus). This causes the user to seek help. Second, the attacker advertises herself. For example, the attacker might have given out a fake business card weeks beforehand or even input calling information into the error message. Lastly, the attacker waits for the victim to contact her and then assists the victim while also getting more information.
The reason why reverse social engineering is so powerful is because the victim is not suspicious of the attacker. When a victim establishes contact with the attacker, it is because the victim believes the attacker has a certain identity and often believes that the attacker is in a good position to provide assistance. For example, if someone directly calls a victim and asks for the victim’s login details, this would seem suspicious to most victims. Victims would check the person’s identity. If instead, the victim is looking for help and finds a helpdesk number to call, the victim would be less suspicious and more willing to share information. No one calls a helpdesk and then tries to verify the person’s identity first. Hence, trust is established if attackers successfully manage to get victims to initiate contact.
It is really difficult to protect yourself. So always check the url of websites, verify the identity of people, avoid diverging information over the phone or email, only go to reliable sources and follow the best practices set out by your company. There’s plenty more advice online on how to protect yourself, so do check them out!
-Written by Frederick, a mentalist in Singapore.