|
THE PSYCHOLOGY OF SOCIAL ENGINEERING |
||
|
You Can’t Force Compliance: Social engineering is
not mind control. You can never guarantee compliance, even threats of death
are not persuasive enough in all situations |
||
|
Social Engineering Increases The Likelihood Of Compliance: |
Despite the fact that you can’t force compliance, social engineering
is still highly effective. This is because social engineering tactics
increase the likelihood of compliance. |
|
|
Emotions Motivate Behaviour: |
Emotion is the key to increasing the likelihood of compliance (i.e.,
performing a desired behaviour). Emotions are the motivating force behind behaviour,
and provide the goals that shape and direct our decisions. |
|
|
Emotions Are Based on Physical States |
The experience and label of an emotion is based upon how we interpret
our core affective state, using our knowledge and understanding of the
emotion. |
|
|
Affect Emotions, Affect behaviour: |
If you can affect the source of a behaviour, then you can affect the behaviour
itself |
|
|
Principle of Reciprocity |
People are inclined to be fair. If someone does something for us, we
naturally want to do something for them. In social engineering, an attacker
might give something to the target (like a small gift or favour) to induce a
sense of obligation to give something back |
|
|
Principle of Authority: |
People tend to obey authority figures. Attackers often pose as bosses,
law enforcement, or other figures of authority to trick their targets into
complying with their requests |
|
|
Principle of Consistency: |
People like to be consistent with things they have previously said or
done. Attackers can exploit this by getting their targets to agree to a
small, innocuous request before hitting them with a larger, more damaging one |
|
|
Principle of Liking: |
People are more likely to comply with requests from people they like.
Attackers can exploit this by building rapport with their targets or by
pretending to have common interests |
|
|
Principle of Scarcity: |
Opportunities seem more valuable to us when they are less available.
Attackers can create a sense of urgency or exclusivity to pressure their
targets into making hasty decisions |
|
|
Understanding these principles can help
individuals and organizations build defences against social engineering
attacks. By being aware of these tactics, we can be better prepared to
recognize and resist social engineering attempts |
||
.png)
No comments:
Post a Comment