You are affected by social engineering strategies each day.
Okay, let me explain. Wikipedia states that social engineering is the psychological manipulation of people to carry out actions or disclose confidential information from the perspective of information security. That’s true, but information security is not limited to social engineering; it’s something we all experience every day.
As part of a new series on the psychology of phishing attacks, we will examine why social engineering works and how it is used and exploited by others to subtly (or not so subtly) exploit you.
We need to learn the basics of network security professionals that will help us to recognise them as they appear in the new skilled attacks.
Contents of Blogs
4.Authority for Authority Uh,
6.Commitment Consensus of
9.Our greatest strengths, our greatest shortcomings
When you break it down, we make a remarkable number of decisions every day and we speculate about surprisingly less of them, let alone test them
These principles of persuasion, in our decision-making, clarify how we take shortcuts. There’s a great video that illustrates these thoughts in more detail. It’s hard to make choices because we don’t have the time, money, or stamina to fully evaluate and decision before we act on it. So, we build shortcuts for ourselves, particularly when it comes to relating to others. Social Engineering takes advantage of those shortcuts. Let’s go over each one quickly.
People don’t love to feel indebted to anyone. When we’re the beneficiary of a favour, we prefer to try to repay it. The candy with your check has been shown to raise tips at a restaurant. Businesses provide free content on their websites in hopes of attracting your interest and, hopefully, your business one day. In his novel, my favourite instance is one which Cialdini points out.
Mexico City was hit by a massive quake in 1985, causing billions of dollars in damage and over 5,000 graves. International assistance to help Mexico has come from around the world, but with a particularly unexpected donation, one country in particular, stands out. In 1985, Ethiopia was not in a position to assist anyone. They were facing hunger and drought. In 1985, the total aid sent to Ethiopia was around $1 billion. Yet the Ethiopian Red Cross gave Mexico $5000 in assistance because, 50 years earlier, Mexico appeared to aid Ethiopia when Italy invaded.
People are more likely to want items that are restricted in quantity, exclusive, or always available, they believe. This is the whole philosophy behind the McRib, the limited-time exclusive offers on items you didn’t know you wanted, or the clearance sale that car dealerships always seem to have because they’re overcrowded (apparently inventory management of automobiles is tricky).
People just don’t enjoy being unsure. We look for authority figures and mimic them naturally. We have a vague definition, such as uniforms, of what constitutes a figure of authority. We tend to give more attention to their prescription decision when we see someone in a clinic in a white blazer.
Liking to Like
We listen to people who we like. This idea is why you used to see the lovely young woman sitting on top of a sports car in commercials, why compliments would improve the odds of getting a favour, and why certain fast-food chains are open to mouthy Twitter feeds.
People want to see the maintenance of consistent behaviour. Because of this, a small action can lead to larger actions. Cialdini cites an example that I love; a study in which a random group of people were called and asked how if asked to donate three hours of their time volunteering, they would respond to the American Cancer Society. The researcher found that people said yes (most of them did; who wants to be the guy bristling at the prospect of volunteer work?) and called them back later to ask them to volunteer. The American Cancer Society has seen a 700 percent volunteer increase over its usual efforts.
Individuals contribute to doing what they think everyone around them is doing, especially when they are not sure what to do in the initial position. What’s the first thing that’s going to happen to you when you walk into a packed room, and everybody looks at the ceiling?
We gravitate towards others who we consider to be close to us. This is where nationalism, the bond of the family, and the March of Women all stem from. That is also why we share with others a curiosity; we like it; it is something we have in common.
In tandem with practise, these principles are commonly used, as we can see when applying them to examples of real-world social engineering techniques.
Our greatest strengths, our greatest shortcomings
In his paper Psychological Based Social Engineering, which usually leverages Reckless, Comfort Zone, Helpful, and Fear in social engineering, Charles Lively addresses a system of attack vectors. What Lively means, and where we are going to spend our next four blogs, is that there are essential facets of human nature that are exploited by attackers using the techniques of influence that we have already addressed. They are more than just vectors of crime or poor behaviour; they are components of who we are as individuals, and each has played a role in shaping today’s culture. I have translated Lively’s description into what I call the Four Natures.
Simple Nature: People tend to philtre out information which they consider to be insignificant
Assistive Nature: It seems like people want to be helpful
Familiar Nature: In familiar circumstances, humans tend to let our guard down.
Emotional Nature: People tend to hinder or overshadow decision-making by triggering emotions.
Another way to ensure the internet privacy and security is the training of network security engineers.
Leave a Reply