Social-Engineer Newsletter – Vol 06 Issue 77

Vol 06 Issue 77
February 2016

In This Issue

  • Manufacturing Emotion
  • Social-Engineer News
  • Upcoming classes

THE NEWS


As a member of the newsletter you have the option to OPT-IN for special offers.  You can click here to do that.


Check out the schedule of upcoming training on Social-Engineer.com

2016 Schedule

If you want to ensure your spot on the list register now – Classes are filling up fast and early!


Do you like FREE Stuff?

How about the first chapter of ALL OF Chris Hadnagy’s Best Selling Books
       

If you do, you can register to get the first chapter completely free just go over to http://www.social-engineer.com to download now!   


To contribute your ideas or writing send an email to [email protected] 


 Special Thanks and Notices:

If you want to listen to our past podcasts hit up our Podcasts Page and download the latest episodes.

A Special Thanks to:

Ace Hackware for their support in very cool schwag and hacker tools

The EFF for supporting freedom of Speech

Check out Robin Dreeke’s amazing book called “Its Not All About Me” packed with the top 10 techniques to building rapport fast. It is an awesome book!


We are adding pages to the framework every day… check out our informational resources like the SE Infographic below.


Chris Hadnagy’s & Michele Fincher’s new book is out and available – Phishing Dark Waters:

Unmasking The Social Engineer:  The Human Side of Security
is an effort that took over 2 years to write with help from Dr. Paul Ekman and Paul Kelly.


Keep Up With Us

Friend on Facebook Facebook
Follow on Twitter Twitter

Manufacturing Emotion: Using Emotional Connections in Elicitation 

Picture it. A serene afternoon, warm with sunshine, a gentle breeze blowing, children laughing. Feels nice, doesn’t it? You can almost feel yourself smiling. What emotions happen during that little sentence? It’s amazing that words can cause us to feel a certain way, to change belief or express something which is important. Storytellers, artists, and marketing gurus have been using this part of our psychology to make us “feel” something in regards to their products for centuries. These same techniques find a home in social engineering as well.



According to
Bagozzzi, et al “Emotions are mental states of readiness that arise from appraisals of events or one’s own thoughts,”. This simple description covers a wide range of experience which for the most part is common to all humankind. In the video linked below, the creators were looking to create a feeling of helplessness and panic. See if that’s how you feel after watching it:

https://www.youtube.com/watch?v=YQNXJpuLKwU

What feelings did this video create in you?

Dr. Paul Ekman identified 7 basic emotions that are universal in all humans: Happiness, Sadness, Surprise, Fear, Anger, Disgust and Contempt. These basic emotions combine to form the myriad of feelings we experience. Each one is tied to the way we react to situations and stimuli. The main key in using emotion is knowing how the person will react, and creating an environment to cause a reaction which is desirable. These principles apply in counseling, marketing,social engineering, and any other area of influence.

One theory of the emotion to reaction process comes from Dr. Walter Cannon, who coined the term “Fight or Flight”. This is a phenomenon in which a person experiences both emotion and physiological reaction simultaneously to a perceived threat or stress in the environment. An example of this phenomenon would be in the video; the boy fell out of the tree causing immediate fear (and presumably a simultaneous physiological reaction) in the father, who acted by rushing to the boy’s side and lifting his head (Don’t do that! Neck and head injuries can be deadly if you move them!) and crying for help. Did you experience something similar? The key to effective use of emotions in influence is predicting the correct response in a target, which is far more art than science.

Some of the basic reactions to emotional triggers are

  • Anger/Disgust – Typical reaction is the  Fight or Flight response described earlier, in which the body’s sympathetic nervous system prepares the body through the release of hormones that cause things like a raise in blood pressure, dilating of the pupils, decreased blood flow to the digestive system. Interestingly enough, our physiological reaction is the same regardless of the level of threat – so as a social engineer, we need to be careful if using this as a form of influence.  
  • Happiness – When endorphins are released in your system they trigger positive feelings, and the more happy or positive a person is, the more likely they are to comply with influence.
  • Sadness – Sadness can change us physiologically.  It softens our posture and lowers our vocal tone. We also know that sadness is linked to empathy.  These emotions can be a powerful form of influence, in moderation.
  • Surprise/Fear – This reaction is also typically the Fight or Flight response, and depends heavily on context. Again, due to the potential for an extreme reaction, we recommend using this emotion with caution

In order to be effective at generating these emotions we have to understand them and also the specific events which will create that reaction. If the event is miscalculated instead of an individual desiring to fight against a common enemy, they can potentially try to fight against you. There are no 100% guarantees in dealing with emotions, but there are probabilistic likelihoods you can use. The reason the ad campaign from St. John’s Ambulance was so effective was it played on one of humanity’s most basic instincts: To protect children and continue the human race. Similarly, especially in this day’s political climate there is a tremendous outcry against inequality and oppression, which creates an anger response. If you want to generate a happiness response, the most common ways are to be happy and to also give good news or the promise of a reward.

A key focus should be placed on knowing the audience. While the stimuli of jumping out from behind a door thrills my daughter and makes her giggle, my wife will punch me if I do that. As social engineers and individuals who have any type of social interaction we need to know how our audience leans in reactions. Some great tools are performing Open Source Intelligence, or OSINT, to see what you can find about the people you interact with. Another is to study demographics and mark out patterns based on the area you are in. For instance, I’m from the south. When someone says “bless your little heart”, around here it’s an insult. However I interact with people everyday who are from areas where that means something entirely different. Know your audience  in order to generate maximum impact with what you say and do.

Another great tool for face to face interactions is learn to read body language and facial expressions. While the basic emotions will have certain physiological changes associated with them, there are also several facial expressions which are associated with the base emotions. Dr. Paul Ekman has done a phenomenal job of cataloging those expressions and what emotion they correspond to, and I highly recommend anyone who is interested in human social interactions give his research serious consideration.

While understanding your audience and reading nonverbals can be effective at influencing others, there are also ways to protect yourself from being a victim. The key to defending against a pushy salesman,  a scammer, or malicious social engineer is to put some separation between you and the situation. Don’t react immediately, ask for time to think it over and don’t give any information until you can get that separation. Get them to give you a way to respond and take control of the conversation. By making them respond to you, it creates a new dynamic. Don’t simply react, give yourself time to make an informed decision. Don’t click a link because it says it’s from your bank. Instead, go directly to your bank’s website and login so you know for a fact where you went. Don’t answer phone calls from people you don’t recognize. If that’s something you have to do, have a script you write out so you know you are not giving out too much information. Take the same advice I was given in law enforcement training: Be polite, be courteous, and look at every interaction as a threat against you.

It is possible to be a kind and considerate person and be a hard target for people who would exploit the natural desire to help others. The key is to be aware of the people you interact with. The same tactics used by those who would exploit them can be used by you to become situationally aware of people and how they should interact. So go out and use what you know to make the world a better place.

Be polite, be courteous, and be informed.

Written by Bryan Austin

As part of the newsletter group, you will be the first to receive special offers to services and products by Social-Engineer.Com.


 

Trackbacks

Leave A Reply