Social Engineering and Psychology

For over 15 years I have been focused on this field called social engineering, and after all this time, we are at a point in human history where we will start to discuss these tactics from a psychological perspective.

I define social engineering as “any act that influences a person to take an action that may or may not be in their best interests.” (Hadnagy, Social Engineering: The Science of Human Hacking)

It is really understanding how and why all of us make decisions and what motivates us to make those decisions. Once we understand whether it is emotions, brain chemistry, or some other motivator we can be better suited to defend against the type of social engineering that is “not in our best interests.”

I will include three tips that you can immediately use to stay safe from malicious forms of social engineering in this post.

Needed More Than Ever

Since COVID-19 has created a global pandemic grinding travel, tourism, and office dwellers to a screeching halt, people in my industry have seen an alarming rise to cyber-based crimes. The scammers don’t care that you just lost your mom to COVID, or that you have been unemployed for six months, or that your kids are depressed from isolation. Actually, they are hoping to find you while you are experiencing the heavy emotional toll of these problems. They know that if you are suffering you are more likely to make a bad decision.

Science backs this up, as a study done in 2001 by Loewenstein, G. F., Weber, E. U., Hsee, C. K., & Welch, N. entitled "Risk as Feelings" actually states, “Fear causes us to slam on the brakes instead of steering into the skid, immobilizes as when we have greatest need for strength….”

A malicious actor is banking on the fact that if he can trigger that strong emotion, we will make the wrong decision.

Emotional Scams

In 2020 in the United States, we saw unemployment rates soar as high as 14.7% and in some months hit 13%, 11% and 10% — some of the highest rates in decades. Unemployment agencies were crippled under the weight of demand from families who needed help to stay afloat. Mothers and fathers were taking any odd jobs they could find, while many had to use every bit of savings. Globally we saw the stresses of import and export businesses suffering from this pandemic.

Malicious social engineers wasted no time in cashing in on this turmoil. Throughout the United States there were reported attacks in which some filed for unemployment benefits in your name, having the funds you should have received sent to their own bank account.

In other cases, it was reported that attackers called those who were recently unemployed stating they could provide quick direct deposits of government funds if they were to give over all their bank account information.

In both cases, families who had suffered now had to deal with staggering financial loss.

How These Attacks Work

Think about the emotional state of the victims in these stories: Stress levels are running high, which means adrenal glands are producing more cortisol. This can affect sleep and wake cycles, digestion, and moods. Prolonged stress can cause headaches, anxiety, and depression.

In 2015, Graybiel, Friedman, and their colleagues from MIT performed research showing how adversely long-term stress affects decision-making capabilities. Upon reviewing the research, Amy Arnsten, a professor at the Yale University of Medicine who was not involved in the research, stated, “Stress is ubiquitous, for both humans and animals, and its effects on brain and behavior are of central importance to the understanding of both normal function and neuropsychiatric disease. It is both pernicious and ironic that chronic stress can lead to impulsive action; in many clinical cases, such as drug addiction, impulsivity is likely to worsen patterns of behavior that produce the stress in the first place, inducing a vicious cycle,”

Most certainly the malicious actors do not understand neuroscience, but they do know that we all tend to make worse decisions when under stress. This is the very thing they are banking on, hoping your stress will be their win.

The logical question I get asked often when I speak on this topic, is “So what? How does this help me?”

Psychology Essential Reads

Is a Texas Bitcoin Miner Making People Sick?

What Is a Scientific Model?

There are few ways this knowledge can help you and your family stay safe.

1. If you are in a high-stress circumstance (job loss, death of a family member, loss of a relationship, etc) it is time to assess your mental state and pre-determine that you will not make decisions during this time without thought and consulting others.
2. This is where the buddy system helps out. Having a good friend whom you can call on and run decisions through may be the one thing that saves you.
3. Knowing this can help you see when others in your close circle might be at risk due to their emotions.

We will not see an end to these types of attacks anytime soon. Sadly, as people live more of their lives online, online-based attacks will increase. There is a phrase that has been attributed to Sir Francis Bacon, but we know was used by Thomas Jefferson: “Knowledge is power.” In these cases, it certainly rings true. Having knowledge of these attacks and how they work will empower you to stay safe, defend your family, friends, and places of work and not fall victim to malicious human hacking.

Till next time, stay safe.