The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick [127]
Examples of attacks: A social engineer attempts to cloak himself in the mantle of authority by claiming that he is with the IT department, or that he is an executive or works for an executive in the company.
Liking
People have the tendency to comply when the person making a request has been able to establish himself as likable, or as having similar interests, beliefs, and attitudes as the victim.
Examples of attacks: Through conversation, the attacker manages to learn a hobby or interest of the victim, and claims an interest and enthusiasm for the same hobby or interest. Or he may claim to be from the same state or school, or to have similar goals. The social engineer will also attempt to mimic the behaviors of his target to create the appearance of similarity.
Reciprocation
We may automatically comply with a request when we have been given or promised something of value. The gift may be a material item, or advice, or help. When someone has done something for you, you feel an inclination to reciprocate. This strong tendency to reciprocate exists even in situations where the person receiving the gift hasn’t asked for it. One of the most effective ways to influence people to do us a “favor” (comply with a request) is by giving some gift or assistance that forms an underlying obligation.
Members of the Hare Krishna religious cult were very effective at influencing people to donate to their cause by first giving them a book or flower as a gift. If the recipient tried to return the gift, the giver would refuse, remarking, “It’s our gift to you.” This behavioral principle of reciprocation was used by the Krishnas to substantially increase donations.
Examples of attacks: An employee receives a call from a person who identifies himself as being from the IT department. The caller explains that some company computers have been infected with a new virus not recognized by the antivirus software that can destroy all files on a computer, and offers to talk the person through some steps to prevent problems. Following this, the caller asks the person to test a software utility that has just been upgraded to allow users to change passwords. The employee is reluctant to refuse, because the caller has just provided help that will supposedly protect the user from a virus. He reciprocates by complying with the caller’s request.
Consistency
People have the tendency to comply after having made a public commitment or endorsement for a cause. Once we have promised we will do something, we don’t want to appear untrustworthy or undesirable and will tend to follow through in order to be consistent with our statement or promise.
Example of attack: The attacker contacts a relatively new employee and advises her of the agreement to abide by certain security policies and procedures as a condition of being allowed to use company information systems. After discussing a few security practices, the caller asks the user for her password “to verify compliance” with policy on choosing a difficult-to-guess password. Once the user reveals her password, the caller makes a recommendation to construct future passwords in such a way that the attacker will be able to guess them. The victim complies because of her prior agreement to abide by company policies and her assumption that the caller is merely verifying her compliance.
Social Validation
People have the tendency to comply when doing so appears to be in line with what others are doing. The action of others is accepted as validation that the behavior in question is the correct and appropriate action.
Examples of attacks: The caller says he is conducting a survey and names other people in the department who he claims have already cooperated with him. The victim, believing that cooperation by others validates the authenticity of the request, agrees to take part. The caller then asks a series of questions, among which are questions that draw the victim into revealing his computer username and password.