You need a new chair for your desk. You’re looking for features such as arm rest and good back support. Soft but not too soft, and of course it has to be height adjustable. You proceed to look online for the best deal…what’s the next thing you do before making the purchase? Usually, check the reviews, especially if it’s a pricey item. How many reviews do you usually need to read before making the purchase? While that answer may vary from person to person, we’re all interested in the opinion of others.

But why are we so interested in the opinions of people we don’t even know? According to psychologist Robert Cialdini it’s because of social proof. In his book, Influence: The Psychology of Persuasion, Dr. Robert Cialdini states, “Social Proof – People will do things that they see other people are doing. For example, in one experiment, one or more confederates would look up into the sky; bystanders would then look up into the sky to see what they were seeing.”

According to the Social Proof Theory, a person who does not know the proper behavior for a certain situation will look to other people to imitate what they are doing and to provide guidance for his actions. This principle not only affects us when deciding about a purchase, but also in many areas of life. Social proof is in our nature as humans.  It therefore goes without saying that it is highly effective when used in social engineering. Let’s take a closer look at social proof in social engineering.

The Power of Social Proof

Social proof is so powerful because it is directly tied to our need to belong and to be accepted by others. It’s innate for humans to avoid social punishment such as ridicule or ostracization as a means of survival. So rather than risk rejection, we will follow others even when we know they are wrong.

This was demonstrated in a famous experiment by Solomon Asch which showed three lines to a group of people and asked them which was the shortest. What the experiment subjects did not know was that everybody else was working with the experimenter. When they all chose the wrong answer, most subjects also chose the wrong answer rather than face being different. Dr. Asch thought that the majority of people would not conform to something obviously wrong, but seventy-five percent conformed at least once, 5% conformed every time. This experiment proves the power that social proof can exert on any one of us without realizing we are under its effects.

Social Proof in Social Engineering

In marketing, Social Proof is the engine that drives people to act and purchase a certain product (even if they don’t need it). It means the product has been tested and approved by others thus it must also be good for us. The same principle applies in social engineering. A social engineer can use social proof by feeding the target information they want them to believe is socially acceptable. In fact, the social engineer can use this to convince them what path they desire the target to take. An example of this is telling the target that all the other employees have already taken the desired action.

We did an in-person elicitation in PASE (Practical Application of Social Engineering) where the student decided to use the survey method offering to enter “participants” in a raffle. They carried a clipboard with pages full of fictitious names and phone numbers to show that many other people had chosen to participate. The student was shocked to see how many people complied. This method is so effective that we discourage students from using it so that they can put into practice other principles of influence learned in the course.

How Will You Use It?

With just about anything, you can use it for good or bad. Social proof can be a powerful tool to motivate others to follow a positive course of action. You can also use social proof to grow your business. Sadly, threat actors are also aware of principles of influence, and they use them to manipulate their victims. At Social-Engineer LLC, we get into the attacker perspective to provide realistic testing for our clients while adhering to our code of ethics. By doing this, we “leave them better for having met us.” How will you use social proof?

Written by: Rosa Rowles

*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by Social-Engineer. Read the original post at: https://www.social-engineer.org/social-engineering/social-proof-in-social-engineering/