What Makes People Easily Fooled by Social Engineering
We live in a digital era in which technology and cyber security advance in the blink of an eye. Yet we rarely realize that we are now more exposed than ever before: our personal information can easily be gathered from our social media profiles, or even from internet search engines. Social rather than technical penetration attacks are currently among the best-known and most successful kinds of attack, so successful that these exploits underpin most cyber-attacks.
Get Deeper about Social Engineering
Social engineering, according to Conteh & Schmick (2016), is “the design and application of deceptive techniques to deliberately manipulate human targets”. In the context of cyber security, it is typically used to persuade victims into disclosing private information or taking actions that violate security protocols, unintentionally infecting systems or disclosing sensitive data.
Oxford University Press (2019) also defined social engineering as the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Examining the definitions above, it cannot be denied that social engineering is one of the biggest threats to cybersecurity in today’s era of digital transformation. Social engineering attacks can be identified but not prevented (Libicki, 2018). Even though social engineering attacks vary, they all follow a similar pattern and have similar phases. Mouton, Leenen, and Venter (2016) describe the four phases of social engineering in their study as follows:
Phase 1: Gather data about the targeted victim. Based on certain criteria, the attacker chooses a victim.
Phase 2: Develop a relationship with the targeted victim. Through direct contact or email communication, the attacker begins to win the victim’s trust.
Phase 3: Carry out the attack using the gathered information. The targeted victim is emotionally coerced by the attacker to divulge personal information or make security lapses.
Phase 4: Leave no trace behind. The attacker withdraws without leaving any evidence.
Samani & McFarland (2015) mention in the “Hacking the Human Operating System: The Role of Social Engineering within Cybersecurity” Report that social engineering is classified into two categories:
1. Hunting
Obtaining information from the targeted victims with the least possible contact. This strategy typically involves just one encounter, with the attacker cutting off communication after gathering the information.
2. Farming
Establishing a relationship with the targeted victims and continuing to “milk” that relationship for information over time.
Why Do People Get Fooled Easily by Social Engineering?
In social engineering, fraudsters use two-way communication to gain their victims’ trust. This idea is also reflected in Robert Cialdini’s Six Principles of Persuasion (Ferreira, Coventry, & Lenzini, 2015), which set out the ways in which influence over others is built.
What are the Six Principles of Persuasion?
1. Reciprocity
Reciprocity is particularly dangerous because it shows how rarely we consider the motivations behind supposedly generous acts, or, if we do, how we honour our social obligations regardless.
2. Scarcity
This principle explains that people are more likely to want something if they know there is a limited supply. It creates a sense of urgency in people, and they will rush to make their purchase.
3. Authority
This principle explains that experts in their fields can be trusted, especially if they can back up their claims with evidence. Almost every successful phishing campaign employs this technique by posing as a trusted figure.
4. Consistency
This principle takes advantage of people’s reluctance to appear hypocritical. Fraudsters manipulate victims into a seemingly harmless opinion or act, then use that commitment to push them into a more significant position.
5. Liking
This principle explains that people are more likely to agree to something if asked by someone they like. As a result, people are more willing to do favors for those they like without even realizing it.
6. Consensus
In social engineering, criminals use consensus to persuade their targets to take a certain action because ‘everyone else is doing it’, rather than on the basis of their own judgement and logical reasoning.