Question

Describe the main tactics used by social engineers when profiling a person,

a. Persuasion

b. Intimidation

c. Coercion

d. Extortion

e. Blackmailing

Provide an example/scenario for each tactic.

Answer 1

Social engineering is a process of psychological manipulation of people leading them to perform certain actions or divulge confidential information. The techniques of social engineering are based on cognitive biases.

While profiling a person, the social engineers use the following tactics:

a) Persuasion: Social engineers use persuasion as a profiling technique because this technique is subtle and therefore hard to detect, proving it to be a very powerful technique. In order to use persuasion the social engineer needs to be likeable or in a position of authority. These people are keen observers and they catch one's exact weakness to persuade them in doing a certain task. For example, many fraud companies sell their products to people by persuading them about it's scarce availability and fake reputation.

b) Intimidation: Here the attacker pretends to be someone influential and tries to push and bully the victim to cooperate. For example, a boss tries to intimidate an employee who refuses certain favours, by refusing his/her job sanctions.

c) Coercion: When attackers trick and force a person to reveal information about their encrypted messages and other private details, it is the use of coercion. For example, sending spam mails, text messages to people from whom personal details such as bank account details needs to be extracted.

d) Extortion: Extortion could be in the form of deceiving people with fake identities of the attackers or threatening them if the required information is not revealed by the victims. For example, social engineers are seen attacking high ranking officers to extort them for company resources such as funds, employee data or intellectual property.

e) Blackmailing: In this technique, a social engineer pretends to be a friend in the beginning and in the process learns all secrets of the victims which he/she later uses to blackmail the victim for the actual required information or money. For example, attackers using social networking sites to make friends with potential victims.