Social Engineering Isn’t About Making Friends, But Exploiting Your Trust

The art of hacking doesn’t always involve an individual slouched over a keyboard frantically typing code to steal your data. Known as social engineering, this type of hacking can be more complex than attempting to break through security systems. By employing con games and psychological manipulation Instead, a hacker will try to break through your mind, gaining your trust in the process.

On February 15th, 1995, the FBI arrested the then infamous computer hacker, Kevin Mitnick. While Mitnick was detained for more advanced hacking schemes, he relied heavily on social engineering to obtain sensitive information from his victims. Flash forward to a fictional movie called Hackers — released in the same year — and the film’s eerie opening scene shows the protagonist posing as an executive to extract information from an unaware security guard. A chilling example of social engineering caught on celluloid.

Read More: 5 Things You Can Do to Prevent Phishing Scams at Work

Social Engineering is a tactic used before the days of computing but has rapidly evolved and become more sophisticated as the digital age emerged. Today, many individuals may be familiar with the term ‘phishing,’ an extremely prevalent form of social engineering in which a hacker impersonates a trusted person or entity, convincing someone to share valuable personal information.

You can avoid social engineering by becoming familiar with the techniques involved and understand how a hacker might attempt to manipulate you for their own purposes. Here are the six fundamental principles of social engineering laid out by Professor Robert Cialdini in his 1984 book, Influence: The Psychology of Persuasion:

1. Reciprocity – You’re more likely to perform an action for someone if it’s framed as returning a favor. Social engineers rely heavily on this emotional cue and the best defense is to carefully consider the information you’re giving out – just because you owe someone a favor, don’t give them keys to the castle.
2. Commitment – When an individual commits to an idea they are more likely to sacrifice in order to obtain a goal. For example, if you agree to work on a project with an individual and are asked to share sensitive information, your commitment to the person or project could convince you to hand over data – be aware of what you’re providing and why.
3. Social Proof – This can be summed up by the old phrase “Monkey see – monkey do.” As social creatures, we’re likely to follow what those around us are doing. If your coworkers in the office are unknowingly entering a sweepstakes scam, you’re more likely to jump in and do the same. Don’t forget to think for yourself and avoid the herd mentality – do your research!
4. Authority – Perceived authority is one of the major influences for social engineers to prey upon. The adherence to authority is commonly used in phishing scams. A hacker sends a phony email that appears to come from an authoritative entity like your human resources department, which can cause you to react and provide the requested information right away. However, the fake request can be more direct such as a ‘supervisor’ asking you for a password. When confronted with these types of emails, make sure to understand your company’s security policies. In many cases, passwords shouldn’t be handed to anyone, no matter the person’s level of authority.
5. Scarcity – If the desired object is scarce, you’re more likely to jump for it. These feelings point to historical research when early humans had to forage for supplies and food, often competing for minimal resources. Don’t allow ‘limited time offers’ or ‘act now’ keywords influence you. Think before entering any personal information.

A final tip here is to always take a step back and not allow factors such as authority and commitment warp your judgment. Social engineering is a terrifying practice. Hackers aren’t just attempting to break into our computers, but also manipulate our minds – the most private space of all. Understanding how social engineering techniques work is a head start in keeping yourself protected.