Este é o meu primeiro post no fórum e estou encaminhando uma parte da newsletter mensal que recebo do site social-engineer.org.
Como a engenharia social e os seus aspectos psicológicos é o meu tema de estudo e pesquisa na universidade, envio uma pequena contribuição sobre este assunto linkando o mesmo com o tipo de vestimenta ideal a ser utilizada em um ataque e qual a vulnerabilidade da psicologia humana pode ser explorada com tal técnica.
Forte abraço,Enclothed Cognition - We Are What We Wear
One aspect of social engineering that we have not discussed much in the annals of this journal is how clothing affects us as social engineers. Some of the questions that might come up are:
1. Is clothing really that important?
2. What affect can clothing have on the target?
3. What affect can clothing have on the social engineer?
Is Clothing Really That Important?
Now of course clothing in itself is important, but what role does it play for you as a social engineer? Imagine this scene… A young man approaches the front desk and identifies himself as a tech support representative called to fix a server issue.
What did that young man look like? What was he wearing? In your mind, you probably pictured his outfit based on what you have seen with support reps in the past. Was he wearing khaki’s? A Polo shirt? Did he have a small bag with some tools and laptop in it?
How about this scene? You are sitting on a bench like table in your doctors office waiting to be seen by your doc… you are trying to figure out how to describe the problem you are having and your doctor comes in and greets you.
What did your doctor look like? Was the doctor wearing a white coat? Did the doc have pens or other utensils in his pocket?
This is important to ponder as if your doctor walks in the office with jeans and t-shirt on, you may wonder about his credentials. You may even feel inclined to view him as less knowledgeable and not trustworthy. This leads us to the next question….
What Affect Can Clothing Have on the Target?
Picturing that scene above shows that we have some expectation for the clothing to match the job. If we went to the mechanic and he was wearing a 3-piece suit we would be leery to leave our car with him. If we went to a restaurant and the chef was dressed like the plumber… would you eat there?
It is obvious that we have these expectations rooted in us. We want, maybe even as far as we need the person to match our expectation in dress in order to make the whole package acceptable.
How do we use this as a social engineer? If we are going to be doing any onsite social engineering endeavors it is vital that we research what the local people expect your pretext to be wearing. It is important to be aware of the little nuiances that your target expects.
In our podcast with Ellen Langer, a noted doctor and psychologist, she spoke about what she calls mindlessness. Mindlessness is the state most people operate in, if we remove a person from that state of mind we make them think about their jobs. As social engineers we do not want people to be removed from their mindless state and notice us… our dress, if fitting their expectations, can kept that mindless and us happy.
But what about us…..
How Can Clothing Affect the Social Engineer?
This is where things get really interesting. A group of scientist got together in Northern University and did an amazing piece of research. Hajo Adam & Galinsky collected willing participants and showed them two white coats.
The first white coat was one commonly worn by a doctor and then another one that a painter would wear. The first control was to find out how this group viewed the two different coats.
Most participants felt that the white coat worn by a doctor showed focus, attentiveness, carefulness and responsibility. Where as a painters coat did not resemble these traits.
They ran three experiments: 1. They tested if there was a difference in whether the participants wore a lab coat or not or 2 & 3. The tested not only if they wore a lab coat but changing the frame of what it stood for.
To quote the study: “Overall, we hypothesize that wearing a piece of clothing and embodying its symbolic meaning will trigger associated psychological processes. “
It appears their hypothesize is correct. Again to quote this study on the term they coined, “Enclothed Cognition”:
“The current research provides initial support for our enclothed cognitionperspective that clothes can have profound and systematic psychological and behavioral consequences for their wearers. In Experiment 1, participants who wore a lab coat displayed in- creased selective attention compared to participants who wore their regular clothes. In Experiments 2 and 3, we found robust evidence that this influence of clothing depends on both whether the clothes are worn and the symbolic meaning of the clothes. When the coat was associated with a doctor but not worn, there was no increase in sustained attention. When the coat was worn but not associated with a doctor, there was no increase in sustained attention. Only when a) participants were wearing the coat and b) it was associated with a doctor did sustained attention increase. These results suggest a basic principle of enclothed cognition: It involves the co-occurrence of two independent factors—the symbolic meaning of the clothes and the physical experience of wearing them. “ - Adam, H., & Galinsky, A.D., Enclothedcognition, Journal of Experimental Social Psychology (2012), doi:10.1016/ j.jesp.2012.02.008
Do you need to re-read that? This is a very important study for social engineers. When the participants wore a coat that they felt or were convinced was a doctors coat it increased their ability to “pretext”, act or be like a doctor.
This study shows us that what we wear can and does affect our actions when we are in an engagement. But does this just apply for onsite social engineering?
For decades sales professionals have talked and written books on concepts like “Dress for Success” and shows like “What Not To Wear”. The concepts promote that what we wear affects or nonverbal and verbal communications. Yes, even when we are on the phone it can have an affect. Many telesales agencies will make their employees dress professional when they will never meet their customers face to face because it has been proven to help promote a professional atmosphere.
What Can You Do?
As a social engineer, take this research seriously. Are you planning a phone elicitation gig for a client next week, try dressing the part of your pretext on the phone. Notice how it makes you feel and act.
Each day as we begin to understand the human psyche more deeply we are able to see where and how people are so easily tricked, influenced and duped. Understanding this helps us to plan and educate ourselves, our families and our companies to be able to escape from mindlessness and become critical thinkers.
written by: Chris "loganWHD" Hadnagy
There are currently 1 users browsing this thread. (0 members and 1 guests)