Social Engineering Tactics
Social Engineering
My favourite aspect. Kevin Mitnick was all about this one.
It's the idea that a bad actor takes advantage of cognitive biases.
5.2 Psychological Concepts Instruction
Psychological Concepts:
-Reciprocity
-Commitment and Consistency
-Social Proof
-Authority
-Liking
-Scarcity
Other Principles
-Trust
-Ignorance
-Desire to help
-Desire to be liked
-Gullibility
-Greed
Tactics:
Cognitive Dissonance
-Many concepts can provoke cognitive dissonance
-Mental discomfort
-Situation clashes with current beliefs or attitudes
-Try to stop discomfort
e.g. You want to be healthy, but you don't exercise regularly or eat a nutritious diet
Reciprocity
-Doing a favour
-Sense of obligation
-Must delay asking in return
-Favour gets returned
e.g. Free sticker for their email
Commitment and Consistency
-Desire to be consistent
-Small initial commitment
-Relevant request
-Support commitment
e.g. Survey for a Charity
Social Proof
-Look to others for how to think/act
-These people know what's going on
-Imply that others are thinking/acting some way
e.g. If everyone's doing it..
Authority
-Many obey authority
-May be implied or not provable
-Avoid punishment
e.g. Milgram experiments. While many of the subjects
became extremely agitated, distraught, and angry at the
experimenter, they nevertheless continued to follow orders all the way
to the end.
Liking
-Persuaded by people they like
-Friendly relationship
-Can just be friendly
-Be attractive
Scarcity
-Limited resources
-Real or imagined
-Generates desire for resource
-Typically used in business
Additional Principles
Trust
-Sense of trust
-A part of the group
-Default is to trust
-Look like the group
-Insider knowledge
Ignorance
-Targets aren't stupid
-Defer to more knowledgeable people
-Gain technical authority
Desire to help
-Empathise with situation
-Feel compelled to help
-Make a believable story
Desire to be liked
-People enjoy being liked
-Socially accepted
-Testers try to induce this feeling
-Drop their guard
Gullibility
-Easily manipulated
-Some more gullible than others
-Figure out who is gullible
-Find out gradually
Greed
-Powerful motivator
-Most people are vulnerable
-Know what people want/need
-Pretend they can provide
Methods of Social Engineering | Part 1
-Tailor made for the situation
-Think on your feet
-Practice and watch others
-Pretexting (Creating a false scenario)
Provoking Fear
-Create a problem
-Real or fake
-Target is the reason for the problem
-Want to correct it
Power of Authority
-Know the hierarchy
-Pretend to be authority or act on their behalf
-Target low level or new employees
Inflating Authority/Importance
-Boosts self-worth in target
-Remind them of their power
-Real or imagined
-Bypass real authority
Politeness
-Respectful and courteous
-Formality is not politeness
-Need true politeness
-Increases liking
Asking for Mercy
-Intense emotions are not common at work
-Hard to deal with in a work setting
-Urgency and crisis
Sexual Manipulation
-Risky if miscalculated
-Subtle is usually better
-Flirtation is common
-Usually used by females against males but not always
Being Impatient
-Thwarts logic or ability to follow rules
-Reactions can be
--Ignore
--Agitated and confused
--Indifferent

