Blind Obedience to Authority… Isn’t

Stanley Milgram's shock experiment is one of the better-known demonstrations of the power of authority. In the original experiment, Milgram had test subjects apply electric shocks of increasing intensity to a participant who was located in another room. Despite cries of pain from the other participant, the test subjects continued to apply electric shocks at the direction of the experimenter. In reality there were no electric shocks, and the participant in the other room was a confederate …

Summer Reading for Social Engineers

It's summertime... which means warm weather, margaritas, and lazy summer afternoons. To help fill in the gaps, here is a list of classic readings for every social engineer.

Nonverbal Communication

Everyone agrees that nonverbal communication plays a huge role in social engineering. Here are some of the original texts that changed the field of nonverbal communication.

Silent Messages
By: Dr. Albert Mehrabian

Chances are you've probably heard someone say something like "words are …

Facial Action Coding System FAQs

The Facial Action Coding System (FACS) is an incredibly useful tool when it comes to dealing with the face. Despite its utility, FACS is widely misunderstood. This post answers some of the common questions about FACS.

What is the Facial Action Coding System (FACS)?

The Facial Action Coding System is a scientific system designed to measure facial behaviors. Facial behaviors include individual facial movements such as pulling the eyebrows up, as well as more general facial activities …

How DMARC Combats Phishing

Interesting infographic from the Marketing Tech Blog about how DMARC (Domain-based Message Authentication, Reporting and Conformance) approaches phishing. …

How To Write Phishing Emails That Get Clicked

If you're doing physical penetration tests or testing the human component of security, it's inevitable that you'll come across the need to write some phishing emails. Here are five elements to get a better click-through ratio (CTR).

1. The Subject is the Headline

One of the first things that people see in pretty much any email software is the subject line. This means that the subject line fulfills the same role as the headline in advertising: it pulls the reader in. Here are some things …