Social Engineering - Christopher Hadnagy [113]
Commitment and Consistency
People value consistency in others, and they also want to appear consistent in their own behavior. Generally people probably want their words, attitudes, and deeds to be consistent and congruent. Consistency reduces the need to reprocess information and offers shortcuts through complex decisions.
Gut feelings—those moments where you sense that an action is good or bad, or right or wrong, based on past experience—are often indicators that a decision being made might be against previously committed feelings and beliefs. These signals often indicate that you feel pushed to agree to something that you don’t want.
Gut feelings can also occur when it comes to making commitments. Gut feelings may indicate that you are uncertain of whether your commitment was a mistake. You can ask yourself, “Knowing what I now know, if I could do that again, would I make the same commitment?”
Before looking at how a social engineer can use consistency to gain someone’s commitment, take a look at three examples that might help hit this point home.
Marketing: Companies often spend extraordinary amounts of money to gain market share. There is no real return, but they fight to remain in that share that they believe to be profitable. Coca-Cola and Pepsi are great examples of using marketing throughout the decades in the fight to remain visible, yet often a commercial will not sway a person to switch from Pepsi to Coke. Because the two companies have been “committed” to the war against each other it seems that when one of them comes out with a new product or marketing idea, the other is not too far behind.
Auctions: The increased popularity of online auction houses such as eBay has this principle more visible. People feel a level of commitment to something they place a bid on and if someone outbids them it is as if they are compelled to bid again. At times they will even increase the bid way past their comfort zone because they feel committed. One classic example of this is when Robert Campeau bought Bloomingdales. He paid $600 million dollars more than it was worth. Max Bazerman, author of Negotiating Rationally quoted a journalist from the Wall Street Journal as saying, “We are not dealing with price anymore, but with egos….”
Carnivals, game houses, and so on: Anytime gambling or game houses are involved a greater risk exists of commitment and consistency being used to persuade people. One columnist, Ryan Healy, an online marketing consultant, wrote a story about when he took his daughter to a circus (www.ryanhealy.com/commitment-and-consistency/). He spent $44 on the tickets, $5 to park his car, then 40 minutes of drive time to get there. He was committed to being at the circus. His daughter wanted cotton candy so he committed to a yes by giving her $5. How could cotton candy cost more than that? When the vendor came by and said the bag was $12, how could he back out on his commitment now? He couldn’t, and therefore ended up spending the $12 on a single cotton candy.
Consistency in this pretense is defined as what is expected based on previous experience or expectations. That experience or expectation can motivate a target to take an action that can cause a breach. For example, when the tech support guy comes it is expected he will go to the server room. That request is consistent with the previous experience and expectation. When access to the server room is requested, it is more likely to be fulfilled because it is consistent with what is expected.
Commitment and consistency can be strong influence factors upon most people to take actions, give information, or divulge secrets.
A social engineer can make commitment and consistency some of the most powerful tools in his or her arsenal. If a social engineer can get a target to commit to something small, usually escalating the commitment is not too hard.
In his book Influence, Robert