SHREE LEARNING ACADEMY

Why Does Social Engineering Work? | Principles of Social Engineering

Social engineering is effective because we are human. Social engineering tactics are formulated to exploit different facets of human behavior. While not every individual will fall prey to every attempt, most of us are susceptible to at least one of these commonly used social engineering principles.

Authority

The technique of authority is potent because many individuals tend to obey figures of authority. The key lies in persuading the target that the attacker possesses legitimate authority. Such authority may originate from the internal hierarchy of an organization or from a recognized external authority, such as law enforcement, debt collection, pest extermination, technical support, or utility inspection. Attackers may establish their authority in different ways, either by verbal assertion or by putting on a uniform or costume.

Intimidation

Intimidation means using authority, confidence, or the threat of harm to make someone do what you want them to do. This often happens when the situation is unclear and there isn't an obvious solution. The person doing the intimidating tries to use force, whether real or just the fear of it, to get the other person to obey quickly without thinking about it.

Consensus

Leveraging a person's inherent inclination to imitate the actions of others, or what they have purportedly done in the past, is referred to as consensus or social proof. One illustration of this is bartenders placing money in their tip jar to create the impression that previous customers were satisfied with the service. Individuals may write their name on a railing when they visit a tourist attraction because numerous other names are already present. Similarly, people may stop on a street and join a gathering merely to discover what is happening. In a social engineering attack, the attacker may allege that a worker who is currently unavailable guaranteed a significant discount on a purchase, and that the transaction must be conducted now, with the targeted individual as the salesperson.

Scarcity

The use of scarcity as a technique aims to persuade individuals that an item holds greater worth, based on its limited availability. This tactic is frequently observed in consumer behavior, where time-sensitive promotions, low inventory levels, or discontinued products can inspire buyers to make a purchase.

Familiarity/liking

The social-engineering principle of familiarity or liking aims to take advantage of an individual's inherent trust in things that are familiar in order to manipulate them. In an attempt to deceive the target, the attacker frequently creates a false sense of familiarity or connection by claiming to share common friends or experiences, or adopts a false identity of a different person or organization. When a message appears to originate from a familiar source, such as a friend or the target's bank, the likelihood of the target trusting and taking action on the message's content significantly increases.

Trust

As a social engineering principle, building trust requires the attacker to establish a connection with the victim, which can take anywhere from a few seconds to several months. Once a level of trust is established, the attacker leverages it to persuade the victim to disclose sensitive information or engage in an activity that breaches the organization's security.

Urgency

The principle of urgency is closely linked to scarcity, as the sense of urgency intensifies when scarcity suggests a higher possibility of losing out. Urgency is frequently employed as a tactic to elicit a swift response from the target, preventing them from having sufficient time to analyze or reject the request for compliance.

