What is social engineering, what are the different types, and why would you ever need to use it? Why should you be on the lookout for it? The basic premise of social engineering is to psychologically manipulate someone to get what you want. Sound harsh, doesn’t it? The truth is, we all use “social engineering” on a daily basis without even realizing it.
One of the most basic and common occurrences of social engineering is displayed in the parent-child relationship.
How many times have you heard a parent say, “If you eat all your lunch you can have some ice cream?” It's a simple way to explain it but, using the self-interest of someone (the thought of getting ice cream) to get them to do something (eat their food) is a form of social engineering.
Social engineering is used by folks on both ends of the spectrum, those who have good intentions and those who don’t. You may have good intentions if you are in a tight spot and are in critical need of something from someone. There may be a time you may need to convince someone to help you in order to take care of that need. Examples may be:
- Convincing someone to let you use their phone
- Convincing someone to give you a ride
- Convincing someone to loan you money for gas if your card doesn’t work
These are all simple and innocent examples of when you may need to convince someone to do something they are NOT compelled to do.
According to Dr. Robert Cialdini, there is a definitive science to how people are persuaded and the science behind it would surprise most folks.
In a perfect world, we would factor in all available information when making a decision. However, the decision-making process doesn't necessarily work that way in real life. We constantly seek shortcuts or rules of thumb to guide our behavior in our super busy lives. Dr. Cialdini’s research has identified just 6 of these shortcuts as universals that guide human behavior. They are:
These 6 shortcuts are used to influence our decisions on a daily basis. They are used for both good and bad and we should be aware of how they work in order to safeguard ourselves. We should also be aware of how they work so we can use them if and when a scenario calls for it.
Reciprocity is when people are obliged to give back to others the form of a behavior, gift, or service that they have received first. Most folks don’t like to feel indebted and it creates somewhat of an obligation to repay debts that are outstanding.
How many times have you tipped housekeeping at a resort or hotel and received some sort of perk out of it? It happens all the time. Keep in mind, you should be tipping because it’s the right thing to do. First of all, most of the staff work very hard and a good tip can really help them out. Outside of that, there are some fringe benefits. Odds are, you will always have plenty of amenities, a super clean room, and a well-stocked minibar. This is just one example of how the principle of reciprocity is used to manipulate the behavior of another.
The principle of Scarcity is when people want more of those things they can have less of. I remember being in the Maasai Mara of Kenya a few years back when I found myself negotiating for a Maasai spear. I had wanted a legitimate Maasai spear for some time, but everything you find is commercially made just for tourists. Basically, they are mass produced junk.
The social engineering principle of scarcity can cause someone to do something that they normally wouldn't do, because the thing they want is scarce.
On this particular occasion in a Maasai village, I was able to use the principle of scarcity to make a trade for a legitimate spear. Thirty minutes of negotiations plus a Casio G-Shock and some cash and I walked away with an authentic Maasai spear and a tribal hunting knife. Cash is used all the time and it’s fine if you want to buy the knock-offs. However, the G-Shock (digital watch) is very scarce and can’t be easily obtained in this particular area. The thought of this scarcity and his desire to have the watch caused the man to go to his hut and return 10 minutes later with authentic (I hope) items.
Authority is built on the basis of people following the lead of credible, knowledgeable experts. We are overwhelmed by this in the world we live in. We see it in TV ads, radio commercials, print magazines, and all over the internet. The reality is, we look for validation when making decisions. The easiest way for this to happen is for an “authority” to legitimize the decision we are trying to make. If it’s good enough for expert “A”, it’s good enough for me.
A uniform makes someone look like they have more authority.
In my previous life as a federal agent, I used the principle of authority all the time with informants, during interrogations, and for undercover work. There are a number of “things” people look for when validating someone’s authority. How someone is dressed, what they drive, or what title they use when introducing themselves, all establish their credibility. Combine all of these elements into one package and your presentation can be very convincing to an untrained eye. Bad guys use this tactic all the time to gain access to personal identifying information or worse, your home! Be wary of unsolicited repairmen, salesmen, delivery folks, etc.
The Consistency principle explains how people like to be consistent with the things they have previously said or done. This creates a shortcut in our lives and it makes the decision-making process easy. If you have said “yes” to a particular person’s simple requests time and time again, the desire to continue saying yes is strong. Once the initial commitment is made for something small it’s easier to ask for larger and more complicated requests as time goes on.
The Liking principle demonstrates how people prefer to say yes to those they like. We like people who are similar to us, we like people who pay us compliments, and we like people who cooperate with us towards mutual goals. This principle works very well when used, especially when it’s sincere. If you share something common with someone, establish rapport around the similarity and offer compliments to back it up. You are more likely to get what you want out of them when this practice is utilized.
The Consensus principle explains how people will look at the actions and behaviors of others to determine their own. How many times have you been in a traffic jam only to watch someone ahead of you cut across the grassy median onto the service road for a quick escape? The next thing you know, another person does it, then another, then another. In rapid fashion, there is soon a mass exodus. Watching other cars “break the law” and cut across the median is all the social proof some people need to commit the same behavior.
Folks are more likely to do something if they see others doing it. Don't be a sheep!
The consensus principle, in a nutshell, is the sheep mentality, where people will do something if they see others doing it.
Learn to use the self-interest of others to get their cooperation (highlight the benefits). To do this, you will need to be empathetic in order to gain the other person's insight. If you can “feel” their emotions it will help you gauge what they are thinking or how they are feeling. Use this and give them a reason to make the decision in your favor. If someone has a need and you can meet it while benefiting yourself, both parties win.
Take away all power from the word “No”. This will help build confidence because the possible outcome of a no doesn’t scare you anymore.
Situational Awareness is the key to safeguarding yourself from the folks who implement social engineering for malicious purposes. The general rule of thumb is if something seems to good to be true, it probably is. Your goal is to be aware of the following to help safeguard yourself:
- Be mindful of folks putting you into indebtedness
- Avoid the feeling to always say yes if you have established a pattern of doing so
- Don’t be lured into doing something just because you see other folks doing it
- Avoid the feeling of needing to comply based on someone’s clothing, titles, trappings, etc.
- Don’t let the “likeability” of someone influence sound judgment
- Avoid compulsive decisions based on a feeling of scarcity
The topic of social engineering is hardly ever brought up without controversy. However, this is something we all engage in. There are always the folks who say I am advocating and encouraging people to manipulate and “use” one another. As with anything else, you have to look at things in context. Social engineering is not bad in and of itself, but people who use it for bad purposes are. On the other hand, I do believe if people are to protect themselves from this type of behavior, they have to be aware of how it works and what it looks like.
If being nice to someone and gaining their favor gets me an upgrade at the hotel I’m staying in is bad, I guess I’m guilty. Maybe I will sleep a little better in my upgraded room and maybe the hotel staff may have a little better day because someone was genuinely nice to them and left a good tip.