Blind Obedience to Authority… Isn’t

Stanley Milgram's shock experiment is one of the more well known demonstrations of the power of authority.  In the original experiment Milgram had test subjects apply electric shocks in increasing intensity to a participant who was located in another room. Despite cries of pain from the other participant, the test subjects continued to apply electric shocks at the direction of the experimenter. In reality there were no electric shocks, and the participant in the other room was a confederate … [Read more...]

How DMARC Combats Phishing

Interesting infographic from the Marketing Tech Blog about how DMARC (Domain-based Message Authentication, Reporting and Conformance) approaches phishing. … [Read more...]

How To Write Phishing Emails That Get Clicked

If you're doing physical penetration tests or testing the human component of security, it's inevitable that you'll come across the need to write some phishing emails.  Here are five elements to get a better click-through-ratio (CTR). 1. The Subject is the Headline One of the first things that people see in pretty much any email software is the subject line.  This means that the subject line fulfills the same role as the headline in advertising: it pulls the reader in.  Here are some things … [Read more...]

What is Social Engineering?

When I tell people what I do I get a lot of mixed reactions.  I've heard everything from "that's cool" to "that's creepy".  This is probably because there are a lot of different definitions of social engineering out there. A lot of these definitions come close to the point, but they usually miss a few key items.  Here is the definition I use when people ask me "what is social engineering?" Social engineering is the attempt to manipulate human behavior There are three key parts to this … [Read more...]

10 Principles for Successful Social Engineering

Do you know what makes a social engineering attempt successful?  Much of the current literature focuses on various tools and tactics such as NLP, framing, weapons of influence, trust etc.  However what makes a person comply isn’t a particular method or approach, but how effectively you use specific principles. The power of a social engineering tactic stems from the fact that these principles are (often) built into the tactic itself.  So if you want to succeed at social engineering, you need … [Read more...]

Social Proof Explained

Social proof is one of the most powerful weapons of influence that Cialdini talks about in his book Influence: Science and Practice. This technique so powerful that everyone uses social proof, often without even realizing it. The idea behind social proof is that in ambiguous situations (especially social ones), we tend to look to others to determine what behavior is appropriate. By looking to someone else for guidance, we are essentially allowing their behaviors to influence ours. While … [Read more...]