BRAIN-HACKING: Why is social engineering so effective?
You are affected by social engineering strategies each day.
rnrnOkay, let me explain. Wikipedia states that socialrnengineering is the psychological manipulation of people to carry out actions orrndisclose confidential information from the perspective of information security.rnThat's true, but information security is not limited to social engineering;rnit's something we all experience every day.
As part of a new series on the psychology of phishingrnattacks, we will examine why social engineering works and how it is used andrnexploited by others to subtly (or not so subtly) exploit you.
We need to learn the basics of network securityprofessionals that will help us to recognise them as they appear in the newrnskilled attacks.
1.Decisions, Decisions
2.Reciprocity Reciprocity Scarcity
3.Scarcity
4.Authority for AuthorityUh,
5.Liking Engagement
6.Commitment Consensus of
7.Consensus
8.Peace Unity
9. Our greatest strengths, our greatest shortcomings
Decisions The
When you break it down, we make a remarkable number ofrndecisions every day and we speculate about surprisingly less of them, let alone test them.
These principles of persuasion, in our decision-making,rnclarify how we take shortcuts. There's a great video that illustrates thesernthoughts in more detail. It's hard to make choices because we don't have therntime, money, or stamina to fully evaluate and decision before we act on it. So,rnwe build shortcuts for ourselves, particularly when it comes to relating tornothers. Social Engineering takes advantage of those shortcuts. Let's go overrneach one quickly.
Reciprocity The
People don't love to feel indebted to anyone. When we're thernbeneficiary of a favour, we prefer to try to repay it. The candy with yourcheck has been shown to raise tips at a restaurant. Businesses provide freecontent on their websites in hopes of attracting your interest and, hopefully,your business one day. In his novel, my favourite instance is one whichrnCialdini points out.
Mexico City was hit by a massive quake in 1985, causingrnbillions of dollars in damage and over 5,000 graves. International assistancernto help Mexico has come from around the world, but with a particularlyrnunexpected donation, one country in particular, stands out. In 1985, Ethiopiawas not in a position to assist anyone. They were facing hunger and drought. Inrn1985, the total aid sent to Ethiopia was around $1 billion. Yet the EthiopianrnRed Cross gave Mexico $5000 in assistance because, 50 years earlier, Mexicornappeared to aid Ethiopia when Italy invaded.
Rarity
People are more likely to want items that are restricted inrnquantity, exclusive, or always available, they believe. This is the wholernphilosophy behind the McRib, the limited-time exclusive offers on items yourndidn't know you wanted, or the clearance sale that car dealerships always seemrnto have because they're overcrowded (apparently inventory management ofrnautomobiles is tricky).
Authority, authority
People just don't enjoy being unsure. We look for authorityrnfigures and mimic them naturally. We have a vague definition, such as uniforms,rnof what constitutes a figure of authority. We tend to give more attention torntheir prescription decision when we see someone in a clinic in a white blazer.
Liking to Like
We listen to people who we like. This idea is why you usedrnto see the lovely young woman sitting on top of a sports car in commercials,rnwhy compliments would improve the odds of getting a favour, and why certainrnfast-food chains are open to mouthy Twitter feeds.
People want to see the maintenance of consistent behaviour.rnBecause of this, a small action can lead to larger actions. Cialdini cites anrnexample that I love; a study in which a random group of people were called andrnasked how if asked to donate three hours of their time volunteering, they wouldrnrespond to the American Cancer Society. The researcher found that people saidrnyes (most of them did; who wants to be the guy bristling at the prospect ofrnvolunteer work?) and called them back later to ask them to volunteer. ThernAmerican Cancer Society has seen a 700 percent volunteer increase over itsrnusual efforts.
Consensus of
Individuals contribute to doing what they think everyonernaround them is doing, especially when they are not sure what to do in therninitial position. What's the first thing that's going to happen to you when yournwalk into a packed room, and everybody looks at the ceiling?
The Harmony
We gravitate towards others who we consider to be close tornus. This is where nationalism, the bond of the family, and the March of Womenrnall stem from. That is also why we share with others a curiosity; we like it;rnit is something we have in common.
In tandem with practise, these principles are commonly used,rnas we can see when applying them to examples of real-world social engineeringrntechniques.
rnrnOur greatest strengths, our greatest shortcomings
rnrnIn his paper Psychological Based Social Engineering, whichrnusually leverages Reckless, Comfort Zone, Helpful, and Fear in socialrnengineering, Charles Lively addresses a system of attack vectors. What Livelyrnmeans, and where we are going to spend our next four blogs, is that there arernessential facets of human nature that are exploited by attackers using therntechniques of influence that we have already addressed. They are more than justrnvectors of crime or poor behaviour; they are components of who we are asrnindividuals, and each has played a role in shaping today's culture. I haverntranslated Lively's description into what I call the Four Natures.
rnrnAssistive Nature: It seems like people want to be helpful
rnrnFamiliar Nature: In familiar circumstances, humans tend tornlet our guard down.
rnrnEmotional Nature: People tend to hinder or overshadowrndecision-making by triggering emotions.
rnrnAnother way to ensure the internet privacy and security isrnthe training of network security engineers.
rnrn