A Social Engineering and Manipulation Teaser

June 29, 2015 | Views: 2434

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

“Humans are, and always will be, the weakest security link.”

 

It’s amazing how many companies I’ve worked with during Pen-testing/Ethical Hack engagements that have either foregone the social engineering aspect of the hack or limited the social engineering test to a single instance in a single category. And, it really gets me when companies cite the following reason for not participating in a full social engineering hack: they “already know they’ll fail miserably.” Yet, they want to know where they need to ‘beef-up’ their security…..meaning “what hardware or tools can we buy to improve our security posture?”

 

Think about the major breaches that have been publicly disclosed over the last 10 years. What did the majority of them have in common? They were social engineered. Through one form or multiple forms, the perpetrator was able to acquire the keys to the kingdom…with ‘minimal’ technical hacking involved.

 

With this in mind, I’d like to offer some very powerful teasers – tidbits of knowledge to entice you to expand your horizons a little, or a lot. Dive in as deep as you can, or would like to…

  • Beyond elicitation and pretexting
  • Beyond tailgating and cube surfing
  • Beyond dumpster diving and impersonations
  • Beyond spearphishing  and trojans
  • Beyond whatever you previously have thought about social engineering…

 

Let’s look at what makes people are who they are and why they do the things they do. I don’t want to teach you this here and now, and I don’t want to sell you anything. What I want to do is give you enough information to make you want to research and learn about this on your own.

Take in the information below, process it and imagine the possibilities…

  • Marketing and Sales professionals only scratch the surface
  • Cold readers and Psychics haven’t a clue
  • Psychologists and Hypnotherapists think they understand it

Are you ready to open your mind?

 

First Teaser: Priming

Priming is an implicit memory effect in which exposure to one stimulus influences a response to another stimulus. A broad array of research in social psychology reveals that the subconscious can be influenced by intentional priming, which is the passive, subtle, and unobtrusive activation of the mind by external stimuli.

When introduced in a relevant context, priming can affect thought patterns and instinctive reactions in people who are not aware of the influence exerted by the priming stimuli. Like the emotional system in our brains, the subconscious operates much more rapidly than does the conscious mind. The subconscious, therefore, can affect one’s behavior before he or she even recognizes the reaction.

OK, that was a lot of information in only a few words.  How does this affect you? Reread that paragraph, slower, understanding the meaning of each sentence…wow….where can you take it from there?

 

Second Teaser: Influencing Others

Robert Cialdini identified six principles of influence through experimental studies, and by immersing himself in the world of what he called “compliance professionals” – salespeople, fund raisers, recruiters, advertisers, marketers and so on. (These are people skilled in the art of convincing and influencing others.)

 

The six principles are as follows:

1. Reciprocity

As humans, we generally aim to return favors, pay back debts and treat others as they treat us. According to the idea of reciprocity, this can lead us to feel obliged to offer concessions or discounts to others if they have offered them to us. We’re uncomfortable with feeling indebted to them.

For example, when a colleague helps you when you’re busy with a project, you might feel obliged to support her ideas for improving team processes. You might decide to buy more from a supplier if they have offered you an aggressive discount. Or, you might give money to a charity fundraiser who gave you a flower on the street.

 

2. Commitment (and Consistency)

We have a deep desire to be consistent. For this reason, once we’ve committed to something, we’re more inclined to go through with it.

For instance, you’d probably be more likely to support a colleague’s project proposal if you had shown interest when he first talked to you about his ideas.

 

3. Social Proof

This principle relies on our sense of “safety in numbers.”

For example, we’re more likely to work late if others in our team are doing the same, put a tip in a jar if it already contains money, or eat in a restaurant if it’s busy. Here, we’re assuming that if lots of other people are doing something, then it must be OK.

We’re particularly susceptible to this principle when we’re feeling uncertain, and we’re even more likely to be influenced if the people we see seem to be similar to us. That’s why commercials often use moms, not celebrities, to advertise household products.

 

4. Liking

We’re more likely to be influenced by people we like. Likability comes in many forms – people might be similar or familiar to us, they might give us compliments or we may just simply trust them.

Companies that use sales agents from within the community employ this principle with huge success. People are more likely to buy from people like themselves, from friends and from people they know and respect.

 

5. Authority

We feel a sense of duty or obligation to people in positions of authority. This is why advertisers of pharmaceutical products employ doctors to front their campaigns, and why most of us will do most things that our manager requests.

Job titles, uniforms and even accessories (like cars or gadgets) can lend an air of authority, and can persuade us to accept what these people say.

 

6. Scarcity

This principle says that things are more attractive when their availability is limited, or when we stand to lose the opportunity to acquire them on favorable terms.

For instance, we might buy something immediately if we’re told that it’s the last one, or that a special offer will soon expire.

Hmm, are you starting to see a new reality here? Can you see ‘priming’ and ‘influencing others’ complementing each other?

 

Third Teaser: Non-verbal Cues

Nonverbal communication represents two-thirds of all communication. It takes just one-tenth of a second for someone to judge and make their first impression based on all the non-verbal cues. If you want to become a better social communicator, it’s important to become more sensitive not only to the body language and nonverbal cues of others, but also to your own.

So, if I understand priming and influencing others, and I use that knowledge while being totally congruent….then….wow….

 


If you’re interested in these and similar social engineering/manipulation topics and if you’d like to see me write more on them, follow me and let me know….

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
19 Comments
  1. informative!

Page 4 of 4«1234
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel