A young woman approaches two other young women whom she does not know. They are sitting in a park, painting. In just a couple of minutes, she has one of the strangers opening up and telling her something that she claims she has never told anyone before. The stranger’s friend looks surprised at this, and the group feels a bond after that, despite not knowing one other just a few moments prior to this exchange.

The Psychology Behind Genuine Human Connection

This was a real event that happened after one of Social-Engineer’s (SECOM) classes; the Foundational Application of Social Engineering (FASE) training. The young woman who approached the two strangers was me; Shelby Dacko. The strangers? Just a couple of nice people who were enjoying some time in the park. As part of FASE homework, I went out and about with the goal of starting conversations. What this led to was a moment that stuck with me to this day; a moment of genuine connection.

What built up to this moment, though? When we break it down, there were many psychological principles that played into this exchange, some social engineering (SE) techniques, and likely some cognitive biases as well. Let’s analyze these together and see what we can learn.

Understanding the Unknown: How Cognitive Biases Shape Our Perceptions

We as humans know that cognitive biases exist. What we don’t know is which biases each person internalizes. However, knowing that they do indeed exist, we can choose to play into certain ones where ethically appropriate. For example, I was a young woman at the time of this exchange. I am short, and female. Even if it isn’t politically correct to admit to biases, I want you to tap into them for a moment. What are some assumptions you can make about me knowing this basic information?

In my mind, someone like me is probably not a physical threat. This is especially true if my approach is one where I’m smiling and showing non-dominant body language. Is this necessarily true? No. I could be a martial arts master, have a weapon, or have taken self-defense classes; any one of these would make me a potential threat to someone.

What we find, though, is that our minds and bodies don’t care about political correctness, they care about keeping us safe. We have cognitive biases for many different reasons both culturally and because of how we may have grown up or based on our various experiences. One of our base needs is to protect ourselves. Because of this, our minds may make assumptions about people quickly to assess if they are a threat or not.

Reading the Room: Leveraging Nonverbal Communication

I played into this natural bias of “not dangerous” by smiling, crouching down, and keeping an appropriate distance from the two individuals I wanted to meet. This probably aided those women in assessing that I was likely not a threat to their safety.

The Power of Rapport: Social Engineering Techniques that Build Trust

If we broke down every possible SE technique in the world, this would really have to be a running document. It would never be fully complete, as we learn more about human nature and how to use it via social engineering constantly. So, instead, today we will focus on one aspect of social engineering; rapport building.

Rapport is, at its core, the building of trust. Depending on your level of rapport, you can make requests from people. For example, if my neighbor who regularly yells at my dog asks me to help them pack up and move houses, what is my answer probably going to be? No way! If my best friend asks me though, you better believe I am taking my truck over immediately.

Step-by-Step Rapport Building Techniques

So, how can we quickly build rapport with people we don’t know? There are 10 steps that we can implement:

• Establish Artificial Time Constraints
• Accommodating Nonverbals
• Rythm, Speed, Volume, and Pitch (RSVP)
• Sympathy or Assistance Themes
• Ego Suspension
• Validate Others
• Ask… How? When? Why?
• Connect with Mutual Self Disclosure (Quid Pro Quo)
• Reciprocal Altruism
• Manage Expectations

In this blog, we will dissect one of the above. For a more detailed explanation of each technique, you can check out our Framework here.

Applying the Sympathy and Assistance Theme in Real Conversations

For now, let’s look at a technique that I used in the opening story. For this interaction, I wanted to lean into the “non-threating” theme. Now, I utilized a few techniques, but the one that stands out is the sympathy or assistance theme that was implemented. What is a sympathy or assistance theme? Well, social engineers have found, as a reliable general rule, that people like to be helpful. Using the other points listed above, such as artificial time constraints, asking someone to help you is a simple and effective way to elicit their assistance.

This is exactly what I did! I approached the two women, saying “hi” from afar so as not to scare them, stood at a distance, and crouched down slightly while smiling on the initial introduction and directly asked for their help. Then, I said something along the lines of “Hi, sorry to interrupt you, I won’t take more than a minute, but I was wondering if you guys could help me… I am taking a communications class, and we have some homework of meeting new people. I have to meet a few people and ask one or two questions; do you mind if I ask you?”

Simply asking for their assistance put the strangers in the perceived position of power in this conversation! Within a couple minutes, stranger number one was telling me all about themselves, to the point that her own friend was surprised and learning new things!

(If you noticed, many SE techniques were contained in that initial approach. This includes artificial time constraints and accommodating nonverbals.)

Learning by Doing: The Power of Practice in FASE Training

FASE is an immersive, hands-on training designed to help you both understand and leverage human behavior. It really is ideal for professionals in cybersecurity, sales, or any field requiring a solidified foundation in human behavior. In FASE, you will learn just like I did. You will have in-depth discussions on rapport building techniques, body language, and more. There is interactive homework that allows you to practice your SE skills and see real-time results!

Ready to Explore the Psychology of Influence?

For more information on this class or to hear about the experiences of those who have attended, feel free to reach out to any one of us on LinkedIn, or check out our website here. There are limited seats in this exciting class, so be sure to grab yours soon. We can’t wait to meet you!

Written by
Shelby Dacko
Human Risk Analyst, Social-Engineer, LLC

*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by Social-Engineer. Read the original post at: https://www.social-engineer.org/general-blog/inside-the-mind-of-a-social-engineer-what-fase-teaches-about-human-psychology-and-security/