Theory

From SERepository


This page is designed to maintain theories and strategies that can be used in social engineering assessments and prevention.

Social Engineering – Attacking Human Nature and Emotions

Social engineering can exploit the trust inherent to human nature. The successful execution of a social engineering attack depends mainly on the attacker’s ability to build some level of trust or confidence with the target and potential victim. The ability to influence the target's emotions, such as guilt, fear, or compassion, depends on the attacker’s ability to establish at least a minimal level of trust. And, similar to a technical attack, once a relationship of trust is established, the attacker might be able to extend that trust relationship to other targets.

Social engineering can attack a victim's feeling of guilt. The attacker can make the victim feel guilty about something, encouraging them to cooperate. It could be the latest policy they forgot to comply with, such as one about installing iTunes on their work computer.

Social engineering can persuade a victim to have a feeling of fear. This does not necessarily mean making an individual fear for their life, but maybe just feel that they may not get their next paycheck. It could be a phone call to individuals letting them know that there has been a problem with their direct deposit and that it may be a couple of weeks before they get paid unless the caller gets some information.

Social engineering can attack an individual's good nature of compassion. Believe it or not, people generally want to help, especially when they come across a person in distress or with a problem they can relate to. For example, everyone can relate to last-minute computer problems before a big deadline. If your target is a mom, maybe you are stuck home with sick kids and need VPN access. It's tough for victims to resist that parental instinct, even when they are fake kids they only hear over the phone.

  • Other areas for further development
    • Curiosity - ex. Thumb drives with custom malicious code or email with interesting subject.
    • Hope - ex. Could win something.
    • Bitterness, Boredom, Betrayal - ex. Trade secret discussion.
    • Happiness, Joy - ex. Discussion of the latest successful sports team.
    • Impatience - ex. Keep people on hold for extended amounts of time and then ask for the information.
    • Loneliness, Lust, Love - ex. Have an overly attractive/friendly person asking for the information.