What is social engineering? And social engineering techniques!
Social engineering is an art used by criminals (social engineers) to manipulate, seduce and mislead people. Social engineers play on human traits such as ignorance, curiosity, greed, fear, and trust with their social engineering techniques. The ultimate goal is to steal personal information, money, and all sorts of other things.
The social engineer
Who exactly are these social engineers? Social engineers often pretend to be someone else. For example, you may get a message from the IRS or an e-mail from a company where you often shop. In reality, you are interacting with someone else. This could be the friendly neighbor who waves at you every morning, or it could just as easily be a spy from China who wants to enter your employer’s network.
Social engineering techniques
Ignorance, curiosity, greed, fear, and trust. These aforementioned human traits are why social engineers have a host of social engineering techniques lying around. What are these techniques? We list some of them!
One of the most common social engineering techniques is phishing. In the case of phishing, you receive a message that looks “just like the real thing.” The message asks you to transfer an amount of money, click on a link or open an attachment. Often, a link or attachment turns out to contain malicious software that allows the social engineer to access your systems.
Quid pro quo
Quid pro quo is a form of scam in which social engineers ask for your personal information in exchange for something. For example, you are asked to create an account on a website; in exchange, you will receive a free product. You will never receive the gift, but the social engineer now has your data in his hands that he can use or sell.
Baiting is a form of social engineering similar to phishing. The main difference is that the social engineer makes a promise to entice you. They do this, for example, by offering free movies and series. However, there is a catch. To watch the movies and series, you have to give your login information!
Six principles of persuasion
Humans are social creatures by nature. Therefore, the thought processes of others have a great influence on our decision-making. The art of social engineering is a psychological game between the social engineer and a victim, in which the social engineer applies various psychological techniques to influence behavior.
Why do people say “yes” to requests? This is the question Dr. Robert Cialdini, professor emeritus of psychology and marketing at Arizona State University and founder of Influence at Work, asked himself. To answer this question, Dr. Cialdini initiated research that led to the six principles of persuasion: reciprocity, consistency, social proof, authority, sympathy, and scarcity. Dr. Cialdini’s six principles of persuasion are often applied by social engineers, but how exactly do these six principles work?
Principle 1: Reciprocity
You know the drill – after a delicious dinner at a restaurant, you receive the bill. On the table is a saucer containing a receipt and some mints or candies. Although these mints and candies look like a nice gesture from the restaurant, it is a strategy to get more tips. This has everything to do with the first persuasion principle: reciprocity.
When someone gives us a gift, we tend to give something back to that person. The same thing happens with mints or candies in restaurants. Because you get something nice, you are quicker to tip the staff, and to tip more. Research has shown that people tip 18 to 21 percent more if they get something tasty with the bill.
Social engineers can apply this principle to their social engineering techniques. For example, you receive an e-mail containing a coupon for 25 euros off at your favorite website. All you have to do is create an account. Out of enthusiasm, you don’t have to think about this for a second. Within a minute your new account is up but the 25 euro discount does not work. The social engineer now has all kinds of data about you that can be used for evil purposes.
Principle 2: Consistency
Do you ever sleep in a hotel? Then you’ve surely seen a card in the bathroom asking you to reuse your towels. How the hotel makes this request affects your behavior. Along with Dr. Noah J. Goldstein and Steve J. Martin, Dr. Robert Cialdini conducted research on this phenomenon.
Working with a hotel, the three researchers left two different cards in the bathrooms of the hotel where the experiment took place. The first card asked guests to reuse their towels to save the environment and show their respect for nature. The second card indicated that the majority of hotel guests reused their towels at least once during their stay. And what’s more, guests who were told that most guests reuse their towels were 26 percent more likely to reuse their towels than those who received a message about environmental protection.
This is a good example of the second persuasion principle, consistency. The principle states that people are subconsciously inclined to behave in ways that are consistent with the past. Hotel guests who received the message that most hotel guests reuse their towels were much more likely to reuse their towels because it is consistent with past behavior.
The second principle, consistency, is also regularly applied to social engineering techniques. For example, the social engineer sends an e-mail on behalf of someone else. The e-mail contains the important question of whether you want to transfer a small amount of money. You transfer the money. Later, you receive another e-mail, and another, and another. The amount of money asked for gets higher and higher and higher. Because people tend to stay consistent, you keep transferring the money. But not to the person you think it is.
Principle 3: Social proof power
After hours of strolling through a new city, do you feel like a refreshing drink and a tasty snack? Chances are you’ll take a seat at the busiest restaurant. This is how the third principle, social proof power, works.
The moment many people perform a certain action similarly, we assume it is the right way. When we see a crowded restaurant and an empty restaurant, we assume that the crowded patio is the best choice, without knowing what the empty restaurant has to offer.
How is this third principle applied to social engineering techniques? For example, social engineers target you with an ad. The ad shows that there is a great new app on the market that everyone is using. You don’t want to be left behind, so you click on the link in the ad. The link ends up causing malicious software to be installed on your device.
Principle 4: Authority
The fourth principle, authority, means that we tend to follow the example of experts. If you see a toothpaste commercial go by in which a dentist is promoting a new toothpaste, you are more likely to purchase the toothpaste than if a firefighter is promoting the same toothpaste.
Someone with authority is a trusted source for many of us. Social engineers are aware of this and use it in their social engineering techniques. Often, social engineers send a message on behalf of the IRS containing a payment request. Most people blindly transfer money. After all, it’s the IRS, it must be right. But without realizing it, a social engineer is a few hundred euros richer.
Principle 5: Likeability
We are more easily persuaded by people we like than by people we don’t. This is the fifth principle of persuasion. There are three scientifically essential factors on which we base whether we like someone.
- We like people who are similar to us
- We like people who give us compliments
- We like people with whom we can work on common goals
After a few months of intensive use, your athletic shoes are worn out. You decide to buy new ones, so you go to a large sporting goods store. You ask the nearest store employee for help, but you get a disinterested answer. Soon the clerk has discouraged you from making a purchase. A new employee walks up and sees that you need help. Coincidentally, you and the associate play the same sport. The fact that you and the associate play the same sport creates a click between you, so you enjoy buying the shoes from Jurre (now you know the associate’s name).
The fifth principle, sympathy, is also often applied to social engineering techniques. Do you use social media? Then it sometimes happens that you receive a friend request from a stranger. Whether or not you accept a request can have major consequences.
You look at the person’s name and profile picture and scroll the page for a while. Finally, you decide to accept the request. After a few days, there is more and more contact between you and your new boyfriend or girlfriend. You know everything about each other. Well, the other person knows everything about you. You know everything about a fictional person. After a while comes the all-important question of whether you want to transfer money. You do it, and then a few more times, until you hear nothing more from that good friend.
Principle 6: Scarcity
The sixth principle states: if we can’t get it, we want it all the more. This age-old psychological trick is used many times by scammers of all shapes and sizes. The scam trick is used not only in real life but also online.
Stores also use this principle. After hours of scrolling through the online store, you come across that one perfect item. You’re only unsure about the price. Is the item worth that much money? You decide to hold off on the purchase until you see the message ‘only 1 item available’. To avoid missing out, you decide to add the item to your shopping cart and pay for it.
Scarcity, the sixth principle, is also frequently applied to social engineering techniques. An example is time limits on an e-mail. Social engineers can send e-mails containing a special field to supposedly change your login information. The reason for this? They have spotted suspicious activity on your account and want to protect you. You hesitate about what to do, but then you see a countdown clock. You only have 24 hours to change the data. Fearing the link will expire, you change your data. The account is not changed and the social engineer has all the necessary data to scam you further.
Protect against social engineering
Want to better protect yourself from social engineering? You can! First, it is wise to be careful with the information you distribute. Never just give away sensitive information. Before you know it, a social engineer will be using your personal information!
You might accidentally click on a malicious link or attachment. In that case, you want to know as soon as possible that there is malicious software on your device. So use a cyber-attack detection program, such as Cyber Alarm from GOOSE VPN. These programs scan your Internet traffic for malicious software and notify you when malicious software is detected.
In addition, it is wise to update your software. Outdated software contains vulnerabilities that allow social engineers to enter your system even more easily.
You can also use a VPN connection. This is a secure connection between you and the Internet. By using this connection, your data is encrypted and no one can watch your Internet traffic. Social engineers can no longer watch what you do. Some social engineers use your personal information in their social engineering techniques. Therefore, it is nice to protect yourself better.
Use GOOSE VPN
Would you like to use a VPN connection? GOOSE VPN is the perfect solution. With our reliable, simple, and affordable VPN connection you are better protected online and social engineers can no longer watch your Internet behavior.
In addition, with GOOSE VPN you can use the Cyber Alarm. The Cyber Alarm is an extra addition that monitors your Internet traffic 24/7 for malicious software. If any malicious software is detected, you will be notified immediately!
Sign up now with GOOSE VPN
Protect yourself from social engineering with GOOSE VPN connections and Cyber Alarm! Sign up with GOOSE VPN now and receive a 30-day money-back guarantee.