Most people view the words manipulation and influence as the same thing. However, at Social-Engineer, we consider the intent critical to making a distinction between these words. For instance, when the intent is positive, and the target feels better for having met you, we consider this influence. Conversely, when the intent is to win at all cost without considering the affect on the target, we view this as paving the way to manipulation. Indeed, targets of manipulation often feel shame, anger, and resentment. Consequently, manipulating people is not a productive technique in security training.
Original source: YouTube.
Incentives are at the core of understanding human behavior. Indeed, they are at the very core of understanding why people do what they do. For this reason, understanding incentives will help us learn how to motivate people to what we want them to do.
For us to clearly understand this we need to have an understanding of what an incentive is. An incentive is: “something that incites or has a tendency to incite to determination or action “
For the purposes of social engineering, it is easy to break the incentives into three separate categories:
With the target and the objective in mind, identify which incentive will be the central motivator of the manipulation. You can read a good form of this concept in the posting The 3 Motivations of People, Material, Social and Ideological.
Financial incentives are the most common incentives due to their predominance in the economy and various government programs. A decent description of this was posted on knowledgerush.com and can be read here. Many scams take the approach of manipulation of financial incentives by promising large financial gain with minimal effort or cost. See Advance fee fraud and Lottery.
One example of such a scheme that worked for many years was Bernard Madoff.
Social Incentives relate to what would commonly be viewed as peer pressure. In other words, a person’s desire for their community to accept and respect them. A wonderful study about the effects of social incentives and the power they carry can be found in the paper Social Incentives: The Causes and Consequences of Social Networks in the Workplace written by Oriana Bandiera, Iwan Barankay and Imran Rasul.
However, these concepts are not new at all, as can be found documented in an US Air Force study from 1975 Management of Social Incentives in Air Force Technical Training written by the US Air Force. Companies often use social incentive programs instead of financial programs because they successfully drive employee behavior at a lower cost. Because different incentives drive different people, it’s important to understand what social aspects matter to the target.
The desire for peer acceptance is a commonality among humans. Social engineers will often use this “built-in” desire to make people feel a sense of obligation into performing some act or thinking a certain way, making it easier for the social engineer to achieve their goals. We call this Social Validation. We know this works by just looking at the life of teenagers. How many PSA’s, school meetings and commercials warn of the dangers of smoking, drug use and the like… yet the fact that all of our friends do it can make us ignore all that counsel and “give it a try”.
Ideological incentives have to do with how one looks at themselves, as opposed to how social incentives relate to how others see them. Other ways to think about ideological incentives would be moral or ethical incentives. The most common source of Ideological incentive is religion, followed closely by common child stories such as Grimms’ Fairy Tales and common philosophers such as Aristotle. A common method to obtaining gain from another through manipulation of Ideological incentives is the pervasive “Will Work For Food” sign held by distraught looking individuals in high traffic areas.
When engaging in SE and intending to utilize incentives as part of the attack, it is important to obtain enough information about your target to know which type of incentive they will be most responsive further how to approach the chosen incentive.