Tina Packer, the Founding Artistic Director of Shakespeare & Company in Lennox, Massachusetts, once said “OK, you start the scene crying, but you’re clearly not feeling sad right now, are you? So what do we do when we’re not feeling the emotion we need to be for a scene? We breathe and fake it until it starts actually happening.” And she was right on. In fact, that actor was crying within seconds, just by breathing and copying the non-verbal behaviors of weeping. This is an extreme example. Tina is a very highly regarded teacher and director, and the person weeping was a classically trained actor. However, the idea still worked. Replicating behaviors led to having the palpable experience.

As social engineers interacting with people on adversarial simulation engagements, or even in our daily lives, it is important to understand how we are affecting the people we encounter. While a social engineer won’t generally need anything as intense as Tina’s example, there is value to the technique behind it. For most of us, it is impossible to know what every single behavior indicates. One of the best ways to understand a behavior on the fly is to try it out and see how it makes you feel. You should receive instant feedback about the person you are speaking to’s state of mind and be able to adjust (or not adjust) your tactics accordingly. There is a two-fold advantage to this as well; by practicing behaviors you see in the wild you can add them to your repertoire to be used in a future social engineering engagement. But first, let’s talk about Gary…

Gary’s Adventure pt. 1

Gary is on his first onsite social engineering engagement. His goal is to get into his client’s corporate headquarters and leave some flash drives with malware on them lying around.

Gary, in preparation for this engagement, has watched a TED-Talk about non-verbal behavior. He learned that people like smiles, eyebrow flashes, and waist-height open-palm gestures. Armed with this knowledge, he approaches the guard at the security desk. “Excuse me,” Gary says to the guard, smiling and giving a quick eyebrow flash. “I am late for a meeting on the third floor, and I have left my badge in the building I usually work in” (more smiles and open palm gestures). “Could you help me out? I’m afraid I may be fired if I miss this.” Gary then misreads the guard’s curious head tilt as a positive sign and is quite shocked when the police are called on him.

Science vs Gary

Poor Gary, he has no idea what went wrong. So he decided to go home and do more research. While Gary is figuring himself out, we’ll dissect what happened and the science behind what might work better. Gary was correct in his belief that people like friendly, non-threatening non-verbal behaviors. However, he got in trouble because of the incongruity between his words and actions. Let’s explore some tactics that could help him out in the future.

Studies have shown that, not only do we make the corresponding face when we are feeling an emotion but, to some extent, making the facial expression linked to an emotion can cause the corresponding feeling as well. This idea can be expanded to other non-verbal behaviors as well. When you replicate a behavior that you are seeing, you should be able to get a sense of whether it is linked to comfort or discomfort.

Replicating behaviors is very useful for several reasons. First, it can help you determine whether or not your actions are having the desired effect. And second, you can figure out if a situation is causing stress to the people around you. Here, we should also note that you can never be 100% certain what is causing the comfort or discomfort, only that it is happening. Which can give you information about which areas you should explore if you would like to try and figure out what is causing the stress. Also, by practicing the facial expressions associated with specific emotions you will get better at noticing them in others.

Approach or Avoidance

Other studies have also found that some behaviors and facial expressions can trigger approach or avoidance. For example, when we see a hurt bunny rabbit, we want to help it but when we see a snarling racoon foaming at the mouth, we’d rather leave it alone. In human beings, expressions of fear signal submission, sadness elicits empathy, and both tend to cause an approach reaction in people. This is extremely useful information for a social engineer trying to employ an assistance theme. On the other side of the coin, expressions of anger tend to trigger avoidance. Knowing this can be a very powerful tool in helping you accomplish your goals. A large part of social engineering is causing people to feel things so they don’t stop and think. We can achieve this just by feeling – or even appearing to feel – things ourselves.

Gary in the Wild pt. 2

Since Gary’s first misadventure he has decided he should read a more thoroughly about non-verbal behavior. He has read books by Joe Navarro, Mark Bowden, and Chase Hughes to name a few. Gary has also been practicing his own non-verbals. He does this so his actions and words can match and not set off any alarms in his targets’ minds. On his next foray into onsite engagements, he knows that, even though people like friendly non-verbals, they dislike incongruity.

So this time, as Gary approaches the security station, he urgently checks his pockets, lets the facial expressions of fear and sadness play across his face, and uses his same pretext on the security guard. “I left my badge in my building… I have to get – I’m gonna get fired… and I have a meeting in 3 minutes… I don’t know what to do. Can you help me?” The staccato speaking rhythm comes easily; as soon as he started making the associated facial expressions, Gary began to feel the emotions. He can also see signs of the same emotions on the guard’s face; that’s good, he’s empathizing! “I’m not supposed to….” the guard trails off. Still, an expression of sadness, a waist-height open-palm gesture to non-verbally ask for help, and… five minutes later he is walking around the fifth floor of the building dropping malicious USB devices marked “bonuses.”

Try It Out

Practicing and replicating behaviors can have many advantages. These advantages include understanding the emotional states of the people around you, being able to employ specific non-verbals to your advantage in situations, and even noticing easy-to-miss flashes of micro-expressions. When you read about a behavior, when you see a new behavior, and even when you want to feel more natural with a behavior already in your arsenal, take the time to try it out.

Sources
https://www.bc.edu/bc-web/schools/mcas/departments/theatre/special-programs/monan-professorship-in-theatre-arts/tina-packer.html#:~:text=Tina%20Packer%20is%20the%20Founding,currently%20celebrating%20its%2036th%20season.
https://www.youtube.com/watch?v=1zpf8H_Dd40
https://www.verywellmind.com/understanding-emotions-through-facial-expressions-3024851#citation-5
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2852199/
https://www.jnforensics.com/
https://truthplane.com/home/people/mark-bowden/
https://www.chasehughes.com/

Images
https://www.cxservice360.com/5-tips-build-rapport-customers/
https://www.scienceofpeople.com/microexpressions/

*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by Social-Engineer. Read the original post at: https://www.social-engineer.org/general-blog/replicating-behaviors/