The Anatomy of Social Engineering 4: Social Proof, Liking, Authority and Scarcity Flaws

The article continues to describe psychological quirks of the human brain, now focusing on four more flaws that tend to spontaneously affect one’s behavior.

3. Social Proof

The 'social proof' quirk

The ‘social proof’ quirk

The next flaw that our brains have is that we try to do and think what other people who seem like us do and think (see right-hand image). So this is why laugh tracks work. Everyone knows what a laugh track is, you’ve all seen some corny sitcom, and laugh track plays in the background, and you just sometimes also laugh too. So, laugh tracks are so effective that they even work when people who know about laugh tracks and know about this social proof flaw still fall for it. They still fall for it when they know it’s being used.

There have been a number of studies where they basically take a comedian and they have a control group where they play the comedian’s stand-up with no laugh track, no laughter. And they play the same comedian for the next trial with laugh track over. Everyone thinks in the second trial that the comedian is funnier. That’s just how the social proof flaw works.

Now, the social proof flaw also goes the other way. It’s the main reason for crowd theory. And it’s the main reason that if you’re going to have a heart attack, do not have it in a group of people. People like to act like the majority of the group. When something goes wrong, everyone is looking for what other people are doing, all at the same time, which is why when you’ve been trained in incident response and EMT stuff – not cyber incident response – you’re supposed to cut the ice, cut the anonymity, so you call 911, you get the water. It cuts the ice and it breaks the problem of human mind trying to do what other people are doing.

If you’re going to have a heart attack, do not have it in a group of people.

There have actually been a number of studies where the test subjects would go up to people and they’d fake a seizure. So they go and fake a seizure by a single person standing all alone. The single person will be like: “Oh my god, I should go down and help him.” Then they would do it to two people. It would take longer, about 30 seconds before someone would actually try and help, on average. I can imagine this to be on average: this means that some two people probably took, like, five minutes to throw up all the statistics and they’re probably sitting there laughing, being complete assholes.

Riots and the crowd theory

Riots and the crowd theory

And then you do it in a group, and no one will help, unless someone has a training to say: “Hey, you call 911, you do this, and you do that”. And so, it’s fascinating. This is also how riots work, because people on their own usually don’t go about protesting by themselves, unless you’re a Tibet monk. And they also usually don’t go off vandalizing things and burning cop cars by themselves and, obviously, trying to flip cars by themselves.

4. Liking

The flaw of 'liking'

The flaw of ‘liking’

The next flaw that the human mind falls for is liking (see right-hand image). We tend to cooperate with someone who seems to like us. And this is how “good cop, bad cop” works, and it works so well, and I don’t even need to explain that.

It’s also exploited by salesmen: after a salesman closes a deal, he or she usually asks the customer: “Do you have any friends you can recommend that would be interested in this market?” And if they say “Yes” and they give a number, they’ll be like: “Hey, I’ll give you a 50-dollar gift card if I make a sale, or give you some sort of incentive for providing that information.” And the reason they give money and they give incentive to disclose that information is that the human mind falls with this liking flaw. Because when you get a call saying “Hey, I’d like to sell you this,” as opposed to “Hey, your friend Bob told me I should call you and tell you about this great deal,” you’re actually more likely to comply with someone saying: “Hey, your friend said this and that.”

Studies on the flaw I have delved into explore how lame your flattery can be in order to be effective. And it shows that there is some sort of strange inverse bell curve, where really accurate, good flattery is pretty effective, crappy flattery is not so effective, and then absurd flattery becomes more and more effective.

It does not make any sense for how the human mind works. Like, if I were to say: “You have really nice long flowing hair” – I just made you smile, it’s kind of funny, it’s wholly absurd, but it’s a little more flattering than “Your hair looks kind of ok today.” The brain interprets the very attempted flattery as flattering itself. And if you can get the person to laugh at the same time by being absurd, it’s actually more effective than being crappy in flattering yourself.

5. Authority

The 'authority' quirk

The ‘authority’ quirk

The next thing the brain falls for is that we tend to cooperate with someone who seems to be in charge (see right-hand image). And this is so well exploited by advertisements. We’ve all seen an advertisement say, like: “I’m not a doctor, but I play one on TV.” Right away he tells you: “You shouldn’t trust me.” I think, I’m not sure, some coffee company, I think it’s Maxwell House, did this, and it sold more of the product than any other company’s advertisement of all time. And so, this is basically the case study time for marketing to create programs, and no one has been able to beat it today.

There’s also a problem that this flaw often causes people to follow orders too closely or too literally. So, in the realm of social engineering for the purpose of penetration testing, perhaps there is a small little nuance in the terminology for their policies. You might be able to exploit that nuance by either impersonating someone who has an authority, or by citing someone falsely that has authority, saying: “You need to make this happen because of this, so maybe you need to let me in the server room.”

In the case of an upcoming merger, that would work perfectly: you already established yourself as someone who seems like they have authority. So, simply establishing yourself as having some sort of seeming authority makes you more trustworthy inside the human brain.

This is why lab coats, when people are wearing them in a commercial, look like it’s legit, as opposed to a bunch of people trying to sell you a pharmaceutical drug in a lab, and they’re just wearing jeans and stuff – they obviously don’t look like they know what they’re doing. So just by looking like you know what you’re doing, looking like you belong and looking like you might seem you are in charge, you get a higher compliance rate with generic questions.

6. Scarcity

How 'scarcity' works

How ‘scarcity’ works

The last one I believe the human brain really does fall for very well is the notion of scarcity and that we tend to overvalue apparently scarce-seeming resources (see right-hand image). This is why holiday Christmas toy crazes happen: “Oh my god, they’re all sold out, I have to buy it now, because it’s worthless after Christmas.” And this is why limited time offers work so well.

There have been experiments with cookies and jars, and every single time this experiment is replicated with normal people, it gets the same results. They take the same bunch of cookies in two jars, and they put, like, 50 cookies in one jar and 20 cookies in the other. And they go over to a supermarket or some place and they say: “Hey, we’re doing a taste test sample for a company. You’re allowed to try a cookie from both jars, but you have to form up in line.” And so the line for the shorter jar is always longer, and when they try the two, they always say that the cookie from the smaller jar always tasted better. And it’s the same damn cookie, it’s just that brain makes it seem so much better.

We tend to overvalue apparently scarce-seeming resources.

And so, in other aspects of the world, censorship is actually information scarcity. If you see knowledge that has been censored, your brain values it more. It could be something that is completely false, like: “Aliens were responsible for the Moon landing.” And if I were to censor that, even if it’s completely false, and people were to discover it, and discover the fact that I censored it, they would value it greater.

This can be used for counter-intelligence purposes quite effectively. This also backfires in court rooms: when a jury is asked to ignore dismissed/invalid evidence, when they go back to make deliberation, most of the people in the room can’t stop thinking about: “Why did they dismiss it?” and can’t stop focusing on that. And there’ve actually been studies on mock trials with legit juries that were called in for jury duty just basically science-funded by the judicial system that showed that this actually backfires more often than not. And it always influences their decision.

Taking advantage of the human brain’s scarcity flaw for the purpose of personal benefit

Taking advantage of the human brain’s scarcity flaw for the purpose of personal benefit

The scarcity flaw of the human brain can be exploited to gain access (see left-hand image). For instance, if you’re doing an onsite penetration test, you could say: “I’m only here until noon, so if you don’t authorize me to fix your problem, you’ll have to wait until next month for me to return.” Good luck explaining that to your boss. Exploiting scarcity is a great tactic for getting a raise. You can say something like: “You know, Google has been asking me to interview with them, just so you know…”

Read previous: The Anatomy of Social Engineering 3: Reciprocity and Consistency Quirks

Read next: The Anatomy of Social Engineering 5: The Reality and Defenses

Like This Article? Let Others Know!
Related Articles:

Leave a comment:

Your email address will not be published. Required fields are marked *

Comment via Facebook: