Social Engineering: Good Triggers and Bad Triggers
Call them shortcuts. Call them rules of thumb. Call them heuristics. Herein I will call them triggers.
We all have these triggers, we all use them, and, in fact, we all need them to survive in today’s world. Robert Cialdini gives an excellent description of these triggers in his book “Influence: Science and Practice.” He writes:
“You and I exist in an extraordinarily complicated environment, easily the most rapidly moving and complex that has ever existed on this planet. To deal with it we need shortcuts. We can't be expected to recognize and analyze all the aspects in each person, event, and situation we encounter in even one day. We haven't the time, energy, or capacity for it. Instead we must very often use our stereotypes, our rules of thumb, to classify things according to a few key features and then to respond to them without thinking when one or another of these features is present.”¹
The above description involves good triggers; the ones we need to survive and thrive in today’s world. However, when these automatic responses are exploited against us, they become bad triggers.
The “science” of exploiting triggers is called social engineering; though it has many other names: influence, persuasion, deception, propaganda, marketing, advertising, etc. Cialdini contrasts good triggers and bad triggers:
“Most individuals in our culture have developed a set of trigger features for compliance, that is, a set of specific pieces of information that normally tell us when compliance with a request is likely to be correct and beneficial. Each of these trigger features for compliance can be used like a weapon (of influence) to stimulate people to agree to requests.”²
But if we’re dependent on automatically responding to triggers, how can we effectively recognize and counter bad triggers?
While there are other ways to counter bad triggers, I will describe one example method, which I developed. It involves adding a new, good trigger based on skepticism.
For some years now, I’ve been experimenting on my family. When watching television, I point out examples of social engineering in advertising.
Take for example, the common phrase “no product is better.” While people often take this to mean the advertised product is “best” my son now immediately points out that it means all the competing products are all equal. “If their product is the best, they’d say it’s the best.” He also triggers on specific words in claims as in “Emerging science suggests that Zap-o-Zit may reduce acne.” He often spots the phrases “results may vary” and “results not typical” in advertising’s fine print.
Such simple recognition based on skepticism has, for my family, mapped directly to our daily computer-based routines. Claims that trigger skepticism are now automatically suspect both on television or online.
Of course the key does not lie in this or any other specific method. It lies in knowing these bad triggers exist, in understanding how they work, and in methodically treating all claims with a modicum of healthy skepticism.
When it comes to the using the Web, nothing is quite like content. Internet users spend more time online viewing news or entertainment content than on sending e-mail, shopping or searching for information. A study conducted by Nielsen/ NetRatings logged a 37 percent rise in the amount of time spent viewing online videos and news. Overall, nearly half of time spent online in 2007, 47 percent, is made up of viewing content. The study sites the explosion of web content, like social networking sites, along with an increase in online speeds as factors in the increase.
Term of the Month
The Hosts File is a file stored on your computer that is used to look up the Internet Protocol (IP) address of a device connected to a computer network. Some spyware changes your Hosts File in order to redirect you from a site you intended to visit to sites that the spyware company wants you to see.
Source: Anti-Spyware Coalition Glossary
You already know the paid versions of Lavasoft’s anti-spyware software have vital real-time protection to relieve the burden of constant malware attacks. But Ad-Aware 2007 Plus and Pro versions also include built-in privacy and security tools, for example, the Hosts File Editor. You can use the Hosts File Editor to take control of your Web navigation by blocking advertisement sites, reversing browser hijack entries, assisting with parental controls, and creating navigation shortcuts. To use the Hosts File Editor in Ad-Aware 2007, from the “Tools and Plug-ins” tab, select “Tools” and then click “Hosts File Editor.” New users can find more specific directions in the Ad-Aware 2007 Product Manual.
Creating strong online passwords is one piece of the security equation. If you are wondering just how secure that password you have created really is, Lavasoft News has come across a website you can use to rate passwords, to help you learn how to create better ones. Try out the “Password Strength Meter” on Securitystats.com. Remember, even though the site will not store the passwords you enter, test a password similar to one you might use (not your real password), as the site advises.