Social Engineering & “Influence”, by Dr. Cialdini

Over the past few years, we have completed a number of social engineering tests as part of advanced penetration testing at various organizations. Coincidentally, I recently read an excellent book called “Influence – the Psychology of Persuasion” by Dr. Robert Cialdini and realized that it has some excellent lessons for anyone wanting to guard themselves from social engineering attacks.

Dr. Cialdini’s book provides excellent coverage of what he calls “compliance professionals” – people engaged in hard-core door-to-door selling, such as second-hand car salesmen, multi-level marketing (read Amway) professionals, etc. He describes the following 6 techniques that these professionals use to convince people to buy things they were never going to buy in the first place. The same techniques can also give the social engineer easy access to information, so it is worthwhile for information security professionals to examine what the other breed of “compliance professionals” is up to!
