Motivational Triggers

(OBJ 5.6)

6 main types of Motivational Triggers

Six main types of motivational triggers that social engineers use

• Authority
  • Most people are willing to comply and do what you tell them to do if they believe it is coming from somebody who is in a position of authority to make that request
  • Example: An attacker pretending they are a manager or an important client that has authority
• Urgency
  • Compelling sense of immediacy or time-sensitivity that drives individuals to act swiftly or prioritize certain actions
  • "Most people want to be helpful"
  • You may be tempted to swipe your access badge to hold the door for someone carrying heavy stuff
  • Insert USB malware before scanning for viruses
  • They use this sense of urgency to get the organization's employees to ignore or bypass their normal security procedures
• Social Proof
  • Psychological phenomenon where individuals look to the behaviors and actions of others to determine their own decisions or actions in similar situations
  • Example: People spreading the word about my new website, they all think it is legitimate
    • If I can get likes and shares, people will most likely want to check that
    • The first friend is influencing the second friend and so on
  • "Inherent need by the people to be included"
  • An attacker wants make you believe that everybody else is doing something, so that thing must be a good thing to get involved with.
• Scarcity
  • Psychological pressure people feel when they believe a product, opportunity, or resource is limited or in short supply
  • Often use when you are trying to get people to "act quickly"
  • "Sign-up now, we only have 5 more spots open!"
    • This is a classic line
  • They will click the link on the email, and now the attack will be able to breach their privacy
• Likability
  • It is associated with being nice, friendly, and socially accepted by others
  • Most people want to interact with people they like, and social engineers realize this
  • Can be
    • Sexual attraction
    • Pretending to be a friend
    • Common interest
  • Example:
    • Start conversation with the team about sports or a specific band or favorite TV show
    • Use that to gain trust and be seen as likelihood
• Fear
  • Feeling afraid of someone or something, as likely to be dangerous, painful, or threatening
  • These types of attacks generally are focused on "if you don't do what I tell you, then this bad thing is going to happen to you”
  • Example:
    • Ransomware encrypts your files, but you can pay some ransom or the attacker will steal and leak all your data.