Social Engineering 101: Focus On Informal Conversations
from the just-don't-promise-to-protect-the-info dept
In the past, we've covered plenty of stories about social engineering to get people to admit stuff they shouldn't -- suggesting you really just need to ask people to give up personal info and they will (sometimes giving them a gift helps, but just asking alone will often do the trick). The latest study does go a little deeper, however, suggesting that the more informal the setting, the more likely people are to cough up info. For example, it found that when those asked for confidential information were promised that it wouldn't be misused they were less likely to hand over the info. Instead, if there were no promises about what would be done with the info at all, people felt that it was more informal and were more willing to give up the info. Another experiment asked people to reveal "bad" activities to a website. In one test, the website was made to look like a university website, and in another an informal site with the title "How BAD are U??" Not surprisingly, the latter got a lot more people to cough up the details of bad behavior. In that case, I'd even wonder if the "competitive" nature of the question (suggesting that you should want to be "badder" than others) also helped contribute to the openness of individuals.
Reader Comments (rss)
(Flattened / Threaded)
LOL
Bad old putty tat!
(reply to this comment) (link to this comment)
How BAD are U??
Is your comment better than THIS one?
(reply to this comment) (link to this comment)
A better experiment
This was an interesting experiment but it seems there were too many variables to derive meaningful conclusions, aside from the fact that informality gets people to reveal more about themselves.
Heavens! Is that something I didn't know already?
A better experiment (granted I didn't read the original study) would be to keep the language formal while having an informal looking website, and to have a formal looking website while asking an informal question. This would indicate whether it is the wording or the website's appearance that is driving the decision about how much to reveal.
(reply to this comment) (link to this comment)
Anybody remember those Budweiser ads (involving frogs and lizards) of 90's? I don't mind watching them everyday!
(reply to this comment) (link to this comment)
All you have to do is just ask nicely :)
If my bank asks for SSN I would run a inquiry before giving it to them. But if somebody in my "friends" list asks me nicely on facebook I would give them without worrying too much :)
(reply to this comment) (link to this comment)
hmm...
Well, I've done more than my share of social engineering(enough to have been able to write an appendix or two in Kevin Mitnick's awesome book on the subject) and while an informal conversation might be good for some types of information while hanging out on, say, a website, it doesn't help much if you're trying to gain access to *real* information. For those you play on fear, compassion and greed, and little else. Everything else from that is a game of leap frog.
(reply to this comment) (link to this comment)
Re: How BAD are U??
"""In that case, I'd even wonder if the "competitive" nature of the question (suggesting that you should want to be "badder" than others) also helped contribute to the openness of individuals."""
Unless "openness == exaggerations or outright lies", I suspect the How BAD site was no more accurate than the clean-looking site, which is to say "not very accurate at all."
(reply to this comment) (link to this comment)
Add Your Comment