If you follow cybersecurity hacker methods — or just watch Mr. Robot — you probably know that the best way to get someone’s password is to ask for it. Sure, you probably can’t just say “Hi, I’m a bad guy. Can I have your password?” But there are all sorts of tricks you can use like pretending to be in the person’s IT department, someone in management, or by making up a crisis to overcome their better judgement with a sense. But of course, as wise computer people, we are immune to such things, right? We also don’t need those kinds of tricks in our arsenal.
Is that true? It is amazing how many subtle things influence what we think are rational decisions, no matter who we are. Consider going to eat in a restaurant. Simple, right? You look at the menu, pick what you want, and order. No one is influencing you. But they are. According to a BBC article, there’s a whole industry of menu “engineering” that figures out how to get you to order pricey food.
You might not think social engineering for menus is a great skill for us. But maybe your new open source project needs collaborators. Maybe your startup company needs investors. Maybe you’d like someone to look at your resume. Maybe the same tricks that work with diners will work in those cases, too.
