In political science, the term “social engineering” is used to talk about the influence and actions that certain governments and classes in power exert on society to try to change it.
But in computer security, the expression refers to the techniques of psychological manipulation that cybercriminals use to trap Internet users.
Social engineering is the art of deception.
The objectives vary, from obtaining information to committing fraud or unlawfully accessing certain documents.
To achieve this, scammers use a series of methods and tools with which they seek to confuse the user.
These are some of them.
1. Principle of sympathy
By observing what you do when you browse the web, or the information that has been published about you, scammers can collect a lot of data, from your email address to your phone number, the name of your pet or your place of residence.
Getting data can be easier than many people think. Try it for yourself. How much can a stranger learn about you by analyzing your social networks?
The manipulation comes later: the hackers use that information to pose as someone you trust and to trap you.
“The principle of sympathy, also translated as liking, taste or attraction, points us to something that at first sight may seem simple: we are more predisposed to let ourselves be influenced by people we like, and less by people who reject us,” says Robert Cialdini, the American psychologist and writer who in 1984 wrote Influence: The Psychology of Persuasion and defined the six principles.
It is best to avoid giving too much information about yourself to someone you do not know. We tend to trust strangers more when we surf the internet. Remember that prevention is better than cure.
Observation can also extend to the documents you have on the computer. Therefore, the less information you leave on your desk, the better.
A TIP: If you do not want to share too much information about yourself on the internet, disable geolocation so that other internet users do not know where you are. It is also advisable to check your public profile or visit internet directories to find out what information they hold about you.
2. Principle of scarcity
“Hurry up.” “It is urgent.” “Change your password now.” “Call now!”
Putting pressure on users to achieve their goals is one of the most common techniques used by cybercriminals.
Through this pressure, they seek to go unnoticed, giving the user less opportunity to notice the trap.
Many times they use that sense of urgency to send “offers you cannot miss” and all kinds of “opportunities” that, in reality, are not as “exclusive” as those emails or text messages claim.
And that urgency is closely related to what psychology defines as the “scarcity principle”, which makes us more willing to pursue something if we notice that it is scarce or difficult to obtain.
3. Principle of authority
The threat often comes hand in hand with urgency. For example: “It’s urgent, if you do not change your password right now, you’ll lose your account forever.”
And the threat draws on what is known as the principle of authority.
As Cialdini explains, “we are more predisposed to let ourselves be influenced when we are challenged by an authority”.
It is not about coercing or exerting power, but about “the aura of credibility that the authority supposes”.
“We tend to believe that those in leadership positions have more knowledge, more experience, or more right to an opinion,” the specialist adds in his book.
To exploit this, hackers often try to pose as an entity or person the victim trusts. This technique is known as phishing.
4. Principle of reciprocity
Through a series of questions of a personal nature, scammers build profiles of their victims.
This lets them establish a connection and identify the subjects to which victims are likely to react in a way that favors the scammers.
Many times, they use false profiles to carry out the deception. These types of connections are also used for “sextortion” frauds.
Through these strategies, they apply what is known in psychology as the “principle of reciprocity,” which establishes that we tend to treat others in the same way they treat us.
For example, if we receive a gift or benefit, we will feel the need to return the favor. The effectiveness of this psychological method is greater if the gift is perceived as something personal.
The same thing happens if they tell us a secret or something intimate: it is very likely that we will also want to share something of our own.
A TIP: Do not establish dialogues with strangers about your personal life. Ask yourself: why are they asking so many questions? Why do they need to know all that information?
5. Principle of commitment and coherence
Having observed their victims' previous behavior and learned about them, hackers are able to capture their attention.
If, for example, they want the person to make an impulsive decision, it will be easier to achieve it by being consistent with that person's profile, with their tastes, with how they define themselves…
In addition, this principle establishes that when a person commits to something, they are more likely to fulfill that commitment, even when the original motivation has disappeared.
That is why, sometimes, scammers use forms and key questions that force you to commit to something specific.
6. Principle of social approval
This principle, which is also called “consensus” or “follow the flock”, states that we tend to go along with what most people think.
That means that if many people consider something good, we probably will too (and vice versa).
The scammers try to convince us that a certain antivirus (which is really a malicious program that they try to sell in pop-up windows) is the one used by everyone… and that is why we “need” to install it as well.
Or that many people took part in a raffle and many of them won a prize: “You can do it too!”
Do not be fooled.