Understanding Pretexting and Authority

Social engineering is a deceptive practice that manipulates individuals into divulging confidential information or performing certain actions. One of the ways in which social engineering is executed is through a practice known as pretexting. Pretexting involves setting up a situation in which the attacker tricks the target into disclosing private information which the target would not otherwise disclose. One of the methods used by attackers to create a pretext is to pretend to be an authority figure.

To some extent, the willingness to obey authority figures is a necessary component of the functioning of any society because it ensures that structures are followed. Extreme disregard for authority can even be dangerous, as demonstrated by the often reckless and destructive behaviors displayed by those with antisocial personality disorder. There is of course the other extreme in which individuals feel so compelled to obey authority figures that they are willing to engage in actions which they know are wrong or which make them uncomfortable.

Stanley Milgram’s experiment demonstrated that individuals will obey authority figures even when they are requested to do things that they are uncomfortable with doing. Milgram was interested in conducting this experiment following the Holocaust in Germany. Milgram noticed that during the Nuremberg trials that Nazis who engaged in acts of genocide defended their actions by claiming they were being obedient and following orders. Milgram decided to conduct an experiment to see how far individuals would go in obeying an authority figure.

In the experiment, Milgram had participants read a list of questions to a respondent. If the respondent answered incorrectly, the participant was requested to give an electric shock to the respondent. The participants were told to increase the voltage with each wrong answer. The participants did not know that the respondent was not really being shocked. As far as the participants knew, they were truly electrocuting the respondent. Participants who were clearly distressed at inflicting pain, still continued with the experiment. Two-thirds of the volunteers were prepared to administer a potentially fatal electric shock.

The implications of Milgram’s experiment were disturbing, but it demonstrated the power that authority figures have. Though the participants in the experiment were clearly distressed at the pain they believed they were inflicting, they were willing to continue doing so because they were being told to do so by an authority figure. Hackers can exploit this tendency to obey authority figures by pretending to be authority figures and use this pretense to coerce individuals into doing giving information.

One way in which cybercriminals exploit this reliance on authority is by posing as law enforcement to steal information and money. In another situation, employees as Snapchat were tricked into sending payroll information to someone who impersonated Snapchat’s CEO.

Defending against these types of attacks require vigilance. Firstly, it is important to never send money or personal information to strangers. If a request is coming from an authority figure, it is important to confirm the identity of the authority figure before complying with any requests. Hackers exploit authority because they know that it is an effective method of manipulation, but by understanding the tactics used and adopting proactive security measures, individuals and businesses can defend themselves against these deceptive attacks.