We tested social engineering online, and it’s super easy

A friend of mine once told me “Wear a nice suit, keep your shoes polished, smile… and you can get away with murder.” He meant it figuratively (I hope). This research from Nixu reinforces the view that others will want to engage as long as you follow a few simple rules:

[…] Social engineering takes advantage of the following traits of human behavior:

  • The tendency to return a favor – you got a gift or someone’s trust, how can you now say no?
  • Desire to be helpful – maybe they will help you later.
  • The tendency to trust – most people are friendly. It’s especially easy to trust people who like similar things to you. The feeling of belonging together due to the same beliefs or values can increase trust.
  • Curiosity – getting something to gossip about or knowing more than others.
  • Appealing to your ego – you have won, you are the one. Compliments, praise, and exclusiveness work, too.
  • Appealing to authority – better do what the CEO or the inspector says.
  • Appealing to the majority and social acceptance – 9/10 people are doing this, why aren’t you?
  • Fear of losing – if you don’t order now, they’ll run out of stock.
  • Fear of shame – maybe this person on the internet does have embarrassing pictures of me.
  • Laziness – it’s nice to get something for free, and it can be too troublesome to check the facts.
  • The tendency toward commitment – it’s easier to stick with something familiar and keep doing it. Social engineers use this by first asking you to do a small favor and then proceeding to bigger things.

Many online social engineering attempts are reaching out to the general audience because there’s a good chance that someone will fall for the hoax. A very successful social engineer knows their victim well and uses that information to make a targeted attempt. Everybody has a weak spot. Open-source intelligence is a powerful way of gathering data about the target.

It’s good to note that social engineering online is not only limited to phishing, CEO fraud, malware delivery emails, and subscription traps. Fake news and spreading disinformation are also ways of manipulating human behavior.


Original article here