Social engineering relies heavily on the five ‘Principles of Influence’ established by behavioural psychologist Robert Cialdini. These principles are also commonly used in sales and marketing.

Here’s an overview:

• Liking: People tend to give more credibility to those they like than to those they do not. To exploit this, social engineers try to appear trustworthy and attractive, and they pretend to share similar interests.
• Reciprocity: People naturally feel inclined to return a favour. Social engineers exploit this by offering something small, like advice, making you feel obligated to give something in return.
• Commitment and Consistency: Once we make a decision, we often feel compelled to stick with it. Attackers take advantage of this by first getting you to agree to small requests before asking for something bigger
• Social Proof: We are more likely to support a product or initiative if people we trust have endorsed it. Attackers may use social networks to exploit this by claiming that your online friends have already approved an action, product or service.
• Authority: People tend to trust experts or those in authority more than others. Attackers might use phrases like “according to experts” or “science proves” to persuade you to agree to something.

From face-to-face interactions exploiting trust, to sophisticated online schemes that trick people into revealing sensitive information, these tactics can take many forms. Below is a list of some kinds of attacks illustrating the diverse strategies used to manipulate individuals:

• Phishing - spear phishing // smishing // vishing
• Pretexting
• Tailgating
• Baiting (USB)
• CEO fraud
• Romance scam

For our protection from social engineers, we humans have a powerful weapon: our brain! It’s sufficient just to take a moment to think critically.

• Is this request question realistic?
• Who is the sender of the message?
• Why am I getting this call out of the blue?