Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
The Art of Social Engineering

You're reading from   The Art of Social Engineering Uncover the secrets behind the human dynamics in cybersecurity

Arrow left icon
Product type Paperback
Published in Oct 2023
Publisher Packt
ISBN-13 9781804613641
Length 234 pages
Edition 1st Edition
Arrow right icon
Authors (2):
Arrow left icon
Cesar Bravo Cesar Bravo
Author Profile Icon Cesar Bravo
Cesar Bravo
Desilda Toska Desilda Toska
Author Profile Icon Desilda Toska
Desilda Toska
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Part 1: Understanding Social Engineering
2. Chapter 1: The Psychology behind Social Engineering FREE CHAPTER 3. Chapter 2: Understanding Social Engineering 4. Chapter 3: Common Scam Attacks 5. Chapter 4: Types of Social Engineering Attacks 6. Part 2: Enhanced Social Engineering Attacks
7. Chapter 5: Enhanced Social Engineering Attacks 8. Chapter 6: Social Engineering and Social Network Attacks 9. Chapter 7: AI-Driven Techniques in Enhanced Social Engineering Attacks 10. Chapter 8: The Social Engineering Toolkit (SET) 11. Part 3: Protecting against Social Engineering Attacks
12. Chapter 9: Understanding the Social Engineering Life Cycle 13. Chapter 10: Defensive Strategies for Social Engineering 14. Chapter 11: Applicable Laws and Regulations for Social Engineering 15. Index 16. Other Books You May Enjoy

Examining the six principles of persuasion

As mentioned, social engineering is an art, an art that can be improved with time but can also be learned by applying several tactics.

Those tactics were highlighted by Robert Cialdini (behavioral psychologist) in the book The Psychology of Persuasion, in which he divides those tactics into six key principles, as shown in the following figure:

Figure 1.5 – Key principles of influence

Figure 1.5 – Key principles of influence

Now, let’s review each of those principles:

  • Reciprocity: There is a strong sense of payback when we receive something from others. Therefore, an attacker may use this technique by giving you something or doing a favor for you to influence your brain to do something form them later.
Figure 1.6 – Example of using reciprocity to influence a victim

Figure 1.6 – Example of using reciprocity to influence a victim

  • Commitment and consistency: If you commit to something, it is likely that you will honor that commitment, even if the original commitment or incentive slightly changes. That is exactly what the attacker wants. First, the attacker will make you commit to something reasonable and then slightly change it at the last minute to something you may have doubts about, but due to the previous commitment, you are likely to accept and proceed. The following figure shows an example of how an attacker can use this to gather physical access:
Figure 1.7 – Example of using commitment to influence a victim

Figure 1.7 – Example of using commitment to influence a victim

  • Social proof: This principle is based on the fact that people’s behaviors are influenced by what others do in a given place (the culture of the place). For example, in companies with a mature cybersecurity culture, tailgating is seen as an unacceptable behavior. However, the same action (tailgating) can be seen as just being polite in other companies with less cybersecurity awareness as illustrated in Figure 1.8:
Figure 1.8 – Example of using social proof to influence the victim

Figure 1.8 – Example of using social proof to influence the victim

  • Authority: It is more likely that people will follow an order when it is given by a person with authority (or at least pretending to have it). Impersonating a cybersecurity expert, influencer, or any other credible or known person is a typical case of using authority to influence the victim into executing a questionable action. As seen in Figure 1.9, the attacker calls the victim, impersonating someone from the IT or security department. Then, the attacker requests the victim to provide a code that they supposedly sent to them. However, what the victim does not know is that the code they are giving to the attacker is actually a password reset code that will give full access to the attacker:
Figure 1.9 – Example of using authority to influence the victim

Figure 1.9 – Example of using authority to influence the victim

  • Liking: People are more willing to trust others they like, and an attacker may use that principle to influence a victim. Liking is not limited to physical attraction; in fact, there are many other methods that attackers may use to gain your trust, as follows:
    • By sharing some characteristics in common (such as saying we live or grew up in the same city or have similar ancestors)
    • By sharing the same passion (for example, the same series, the same idols, the same favorite music group, etc.)
    • By following the same team or groups (in sports, politics, etc.)

    The following figure shows an example of how an attacker can use some compliments to like the victim and gain their trust:

Figure 1.10 – Example of using liking to influence the victim

Figure 1.10 – Example of using liking to influence the victim

  • Scarcity: This tactic is commonly used in marketing to influence you to purchase something (which, most of the time, is something that you don’t need). This tactic is incredibly powerful, which is why it is present in almost all social engineering attacks. Here, the attacker will push the victim by making them believe that they will lose a big opportunity if they do not leverage it right now!
Figure 1.11 – Example of using scarcity to influence the victim

Figure 1.11 – Example of using scarcity to influence the victim

Now, there are other key tactics and techniques used in social engineering attacks that are not included in that list such as developing rapport, empathy, and pretexting, so let’s review them in detail.

You have been reading a chapter from
The Art of Social Engineering
Published in: Oct 2023
Publisher: Packt
ISBN-13: 9781804613641
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime