Obligation has to do with actions one feels they need to take due to some sort of social, legal, or moral requirement, duty, contract, or promise. In the context of social engineering, obligation is closely related to reciprocation but is not limited to it. This can be as simple as holding an outer door for someone will usually make them hold the inner door for you. It can be escalated to someone giving you private info because you create a sense of obligation. This is a common attack vector when targeting customer service people.
For example, complimenting the person then following it up with a request. This technique is very easy to do wrong if you are new or inexperienced and can come across so fake it alerts and has the wrong effect. But if done properly it can lead to obtaining even little pieces of information that are valuable. If you treat people kindly and give them something they may need, even if it is as small as a compliment, it can create a sense of obligation to you.
The principle is simplistic enough there is not much information on this topic. Combined with other topics such as reverse social engineering though, this can be a powerful tool.
Psychologist Steve Bressert makes this point in his article “Persuasion and How To Influence Others”
- “For example, according to the American Disabled Veterans organization, mailing out a simple appeal for donations produces an 18% success rate. Enclosing a small gift, such as personalized address labels, nearly doubles the success rate to 35%. Since you sent me some useful address labels, I’ll send you a small donation in return.”
A final thought on obligation is that even something as small as a question can create obligation. Try this exercise: Next time someone asks you a question, say nothing. Just stay silent or ignore it and move on in the conversation. Notice how awkward that is, because something as simple as a question creates a sense of obligation to answer. Simply asking the target a question, can lead to amazing results. (see Elicitation)