Social Engineering 101: Focus On Informal Conversations

from the just-don't-promise-to-protect-the-info dept

In the past, we’ve covered plenty of stories about social engineering to get people to admit stuff they shouldn’t — suggesting you really just need to ask people to give up personal info and they will (sometimes giving them a gift helps, but just asking alone will often do the trick). The latest study does go a little deeper, however, suggesting that the more informal the setting, the more likely people are to cough up info. For example, it found that when those asked for confidential information were promised that it wouldn’t be misused they were less likely to hand over the info. Instead, if there were no promises about what would be done with the info at all, people felt that it was more informal and were more willing to give up the info. Another experiment asked people to reveal “bad” activities to a website. In one test, the website was made to look like a university website, and in another an informal site with the title “How BAD are U??” Not surprisingly, the latter got a lot more people to cough up the details of bad behavior. In that case, I’d even wonder if the “competitive” nature of the question (suggesting that you should want to be “badder” than others) also helped contribute to the openness of individuals.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Social Engineering 101: Focus On Informal Conversations”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: How BAD are U??

“””In that case, I’d even wonder if the “competitive” nature of the question (suggesting that you should want to be “badder” than others) also helped contribute to the openness of individuals.”””

Unless “openness == exaggerations or outright lies”, I suspect the How BAD site was no more accurate than the clean-looking site, which is to say “not very accurate at all.”

Roger (user link) says:

A better experiment

This was an interesting experiment but it seems there were too many variables to derive meaningful conclusions, aside from the fact that informality gets people to reveal more about themselves.

Heavens! Is that something I didn’t know already?

A better experiment (granted I didn’t read the original study) would be to keep the language formal while having an informal looking website, and to have a formal looking website while asking an informal question. This would indicate whether it is the wording or the website’s appearance that is driving the decision about how much to reveal.

ehrichweiss says:


Well, I’ve done more than my share of social engineering(enough to have been able to write an appendix or two in Kevin Mitnick’s awesome book on the subject) and while an informal conversation might be good for some types of information while hanging out on, say, a website, it doesn’t help much if you’re trying to gain access to *real* information. For those you play on fear, compassion and greed, and little else. Everything else from that is a game of leap frog.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...