The pitfalls of trust: all you need to know about social engineering
Social engineering expert Richard De Vere explains how this particular type of threat can be used to turn our human inclination to trust against us and what that means for businesses
The natural inclination to trust is a fundamental part of life and business. You would not be able to form business relationships, secure investment, serve customers and keep staff without it. But, there are increasing instances where our human instinct to trust something can lead to us being taken advantage of, and social engineering is a prime example of this.
Richard De Vere is the founder of The Antisocial Engineer and head of social engineering for business solution company Ultima. He has spent his career highlighting the many ways that trusting strangers can make a business vulnerable to threats – both physically and online.
What is social engineering?
“Social engineering is a professional name for scams and crime where there is an element of human manipulation,” De Vere explains.
In cases where social engineering is used, fraudsters turn our most human instincts against us to access information, physical spaces or systems for financial gain. To do this, they might present themselves as a trusted - or trustworthy - individual and source of information.
De Vere illustrates this with a standard example from outside the business world. A parent gets a text message from a phone number they don’t recognise. The text reads ‘Mum/Dad, I’ve just been mugged so I’m borrowing my friend’s phone. Could you send some money to their online bank so I can get home?’
“That particular scam works on people’s desire to care for their offspring,” says De Vere. “It’s very human.” And, he says, it is an impulse which all of us have – to use social cues and our understanding of people to influence others’ behaviour.
By understanding how people build trust, you can then learn to dress and speak appropriately. You can start to orchestrate trust
In a business setting, a social engineer could be the slick salesperson who has learned to talk with a smile and turns up to meetings in an expensive suit with a polished pitch deck of slides. “A lot of people probably don’t know this form of manipulation is called social engineering, they’re just sick of sending out emails which don’t get through to people and they’ve started to think about the psychology behind it.”
This situation can be classed as social engineering, rather than simply good sales technique, if the person is explicitly looking to trick you for their own nefarious purposes and to line their own pockets.