Online Book Reader


Social Engineering - Christopher Hadnagy [111]

prices of fuel after Hurricane Katrina. The claim was that fuel was in shortage due to the destruction, which caused terrible price increases. Of course, if this were true then the fuel would be worth a lot more than it is; instead it was an example of the claim of scarcity used to make money. Yet at the same time, when BP’s error caused millions of gallons of oil to be lost in the Gulf of Mexico, ruining the ecosystem, instead of fuel prices skyrocketing due to lack of supply, they dropped. How? Well, I won’t get into that here, but it proves the point that for scarcity to work, it has to be believable, and this is where the oil companies fail and where social engineers can fail, too.

From a social engineer’s standpoint, the more limited or difficult it is to obtain an opportunity, the more value it will have to people. If information is deemed private, restricted, and hard to come by, and you are willing to share it with someone, you have just gained a lot of value in their eyes.

A social engineer can leverage scarcity with information by using a statement like, “I am not supposed to be saying this but…” or “I am not sure if you heard this news, but I overheard…” Statements like these spoken in hushed tones imply that this information is scarce.

Authority

People are more willing to follow the directions or recommendations of someone they view as an authority. Finding a person who has enough assertiveness to question authority directly, especially when that authority holds direct power over him or is face-to-face with him, is uncommon.

Children, for example, are taught to obey adults such as teachers, counselors, priests, and nannies because they have authority over them. Often, questioning authority is deemed disrespectful and abject obedience is what is rewarded. These principles carry over into adult life because we are taught to respect authority figures and not question rules or orders given to us by those whom we deem authorities.

Unfortunately, this principle leads many children into the hands of abusers and molesters. Of course, not this principle solely, but those who prey on children realize how children are taught about authority and often seek out those who appear to be more compliant. Similarly, malicious social engineers use this principle to manipulate their targets to take some action or inaction that can lead to a breach.

Understanding how authority is used from a social engineering aspect is important. German sociologist and political economist Max Weber divided authority into categories that I have adapted to fit more closely into the realm of social engineering.

Legal Authority

Legal authority is based upon government and law. This generally applies to law enforcement officers or others who enforce the laws of the land, area, or facility you are presently in.

As a social engineer, pretexts that involve law enforcement or other government officials are usually illegal. However, security guards, bank security, or other types of enforcement authority figures can be well represented and are often used by social engineers.

In one episode of the BBC television program The Real Hustle, Paul Wilson and his cohorts dressed up like the guards who collect the money. When someone shows up in uniforms that look similar to the real ones and acts as a normal person in that authoritative position would act, targets have little reason to doubt the imposter is who he “says” he is. Acting as an authority figure is a major ploy used by social engineers to gain access to a company.

Another ploy that can be effective is posing as a lawyer who is seeking certain information. Playing a role that is generally feared or respected by the masses can be one way a legal authority ploy is used.

Organizational Authority

Organizational authority is quite simply any authority defined by means of an organization. Typically, this refers to a supervisory hierarchy. Someone within a position of power in an organization has more power and access to more information than someone at the bottom of the hierarchy.

In a
