Elias Abouzeid, Relativity: Hacking Human Psychology: Understanding Social Engineering Hacks

Extract from Elias Abouzeid’s article “Hacking Human Psychology: Understanding Social Engineering Hacks”

Psychologically, we carry a powerful tool called trust. Trust increases our comfort level to allow us to speak and act more freely. But what if someone could develop an algorithm that could create trust, as human relationships do?

Such an algorithm would make the human part of the trust equation vulnerable. This kind of manipulation is known as social engineering, something that hackers rely on for 98 percent of attacks. In the FBI’s 2018 Internet Crime Report, 26,379 people reported being a victim of a social engineering attack, costing nearly $50,000,000 in losses in just one year.

A social engineer will manipulate their target using email, phone, or in-person tactics to acquire confidential information. By observing personal mentalities, recurring routines, and relationships, the social engineer can develop the appearance of an individual you might naturally trust.

The Structure of Social Engineering

There are three main categories of behavior that a social engineer might use to manipulate and exfiltrate information from a target.

1) Pretext (Identity Development)

To develop a trustworthy identity, the social engineer must combine the target’s personal information, the context, and their goals. For example, this actor could be impersonating members of your IT team, a vendor, a bank representative, a new coworker, or a mutual friend. Doing this well requires dedication and time, which further reinforces the credibility of the relationship.

ACEDS