Presented by:

Casey Mullins

Social Engineering- Persuasion -

WHAT IS PERSUASION?

• The main objective is to convince the person disclosing the information that the social engineer is in fact a person that they can trust with that sensitive information.

METHODS OF PERSUASION

• Impersonation

• Ingratiation

• Conformity

• Diffusion of Responsibility

• Friendliness

IMPERSONATION

• Creating some sort of character and acting out the role.

• Hackers strike when the person they are impersonating is out of town and call on the phone using voice recorders.

• Attackers include: a repairman, IT support, a manager, or a company employee.

INGRATIATION

• To gain favor or favorable acceptance for by deliberate effort.

• Employees want to impress, so they will provide information to an authority figure.

CONFORMITY

• Group-based behavior, but can be used occasionally in the individual setting by convincing the user that everyone else has been giving the hacker the same information now requested, such as if the hacker is impersonating an IT manager.

DIFFUSION OF RESPONSIBILITY

• Convincing someone to reveal information by tricking them into thinking you’re the manager.

• Tell the employee that, you the manager, will take care of everything alleviating the stress on the employee thus convincing the employee to give you everything.

FRIENDLINESS

• This is the best way to obtain information using a social engineering attack.

• Flattery or flirtation will help soften up the potential victim.

• A experienced hacker must know when to pull back when too much information has been taken, just before they get suspicious.

FACTORS THAT INFLUENCE

• Authority – people are highly likely, in the right situation, to be highly responsive to assertions of authority, even when the person who purports to be in position of authority in not physically present.

• Scarcity – people are also highly responsive to indications that a particular item they may want in in short supply or available for only a limited period.

FACTORS THAT INFLUENCE

• Liking and Similarity – It is a truly human tendency to like people who are like us. We tend to regard him or her more favorably merely because of similarity.

• Reciprocation – a well-recognized rule of social interaction requires that if someone gives us something, we feel a strong urge to reciprocate by giving something back in return.

FACTORS THAT INFLUENCE

• Commitment and Consistency – if we promise to do something, and fail to carry out that promise, we are virtually certain to be considered untrustworthy or undesirable.

• Social Proof – In many social situations, one of the mental shortcuts on which we rely, in determining what course of action is most appropriate, is to look to see what other people in the vicinity are doing or saying. Prompts us to take actions that may be against our self-interest without taking the time to consider them more deeply.

REFERENCES

Chuvakin, Anton. NLP-powered Social Engineering. 20 March 2001. http://www.securityfocus.com/guest/5044

Granger, Sarah. Social Engineering Fundamentals, Part I: Hacker Tactics. 18 Dec. 2001. http://www.securityfocus.com/printable/infocus/1527

The “Social Engineering” of Internet Fraud. http://www.isoc.org/inet99/proceedings/3g/3g_2.htm