-
Authority and Trust
- People tend to obey authority figures, even if they are asked to perform objectionable acts.
-
While not universal, common defining characteristics of authority figures used by attackers include:
- Age (Older people are more easily viewed as figures of authority)
- Height (Taller people are typically viewed as figures of authority)
- Deep voice
- A badge, ID, or other token of authority
-
Intimidation
-
Intimidation techniques, such as bullying and threats, rarely work on their own, and are highly dependent on the mental state of the target (victim).
- However, intimidation techniques can be applied concurrently with techniques founded in other principles, such as urgency and authority.
- In these cases, social engineering attacks that may have otherwise been unsuccessful instead meet their aim (obtaining access to systems or information).
-
Consensus and Social Proof
- People will do things that they see other people doing, and are much less likely to question their decision.
- For example, a robbery may occur in broad daylight, with many witnesses, and yet no one calls emergency services.
-
Scarcity
- Scarcity, real or imagined, will generate demand.
- For example, a discount price or promotional deal may be available for a "limited time only" to encourage sales.
-
Urgency
- Many security mechanisms that would otherwise stop the attacker or con artist, like lacking ID or being unable to positively answer security questions, can be overcome by instilling in the target a sense of urgency; without the victim's swift action, the task cannot be completed.
- Urgency is also a common sales tactic.
-
Familiarity and Liking
- People are more easily persuaded by other people that they like.
-
In order to appear more familiar to their target, con artists perform simple tricks, such as:
- Mimicking and/or mirroring body language
- Appearing aggreable and open
- Taking a similar stance on conversational issues