Jamison Scheeres, Air Force Institute of Technology
- what is social engineering
  - techniques to manipulate people
  - also shoulder surfing
  - also dumpster diving
  - trick someone into doing something
  - huge threat in today’s environment
  - red teams say SE is 100% effective
  - current defensive techniques are not effective
- research
  - successful SEs are not caught
  - classification issues
  - ethical issues in deceiving subjects
- psychological triggers
  - authority
  - reciprocation
  - strong affect (phishing)
  - overloading (buffer overflow for humans)
  - deceptive relationships
  - integrity/consistency
- principles of persuasion
  - authority
  - consistency
  - liking
  - reciprocity
  - scarcity
  - social proof
- resistance to persuasion
  - inoculation theory
  - self-efficacy
  - forewarning
  - “dispelling the illusion of invulnerability” (2002, Sagarin)
- methodology
  - compared psych triggers to principles of persuasion
  - determine relationship between illegitimate persuasion & social engineering
  - military vulnerable to authority due to strict hierarchy of authority
- conclusions
  - strong relationship between principles and triggers
  - illegitimate persuasion = social engineering
  - been trying to instill resistance in the wrong way
  - solution is to demo to the individual they are personally vulnerable
  - security people must social engineer their people
- future research
  - develop measurement
  - compare/validate various means of resistance training