Episode 7 of the Social Engineer podcast features an interview with Harvard psychologist Dr. Ellen Langer. I have noted down some learning points from her remarks on mindfulness. Here are the first ones:
Minute 10 - More than 50% of current attacks on information systems are carried out through social engineering (according to the social-engineer crew).
Minute 12 - Most of us, most of the time, are not consciously "present"; we are in a state of "mindlessness", i.e. we put our brain on a kind of autopilot.
Minute 13 - The value of "empty requests" and the power of the word "because".
If we go to an office and ask "May I use the photocopier?", we will get a less positive answer than if we ask "May I use the photocopier to make some copies?"
Minute 14 - By using common "cultural switches", such as "May I use the photocopier to make some copies?", the sender of a message tends to elicit from the recipient exactly the "typical or common answer".
Applied to social engineering, this means that the social engineer needs to engage the victim in a "common and known routine".
Minute 15 - "When we are not there, we are not there to realise that we are not there" - A play on words that defines mindlessness.
Minute 16 - An example of "mindlessness". Try this game: ask someone next to you to add these numbers. Say the numbers one by one...
- one thousand
- forty ... and she will reply 1040
- one thousand ... and she will reply 2040
- thirty ... and she will reply 2070
- one thousand ... and she will reply 3070
- twenty ... and she will reply 3090
- one thousand ... and she will reply 4090
- ten ... and she will reply...
... 5000 or 4100?
"When there is something familiar, we respond typically in a mindless way. The reason we do this is because we overwhelmingly seek certainty and certainty leads to mindlessness (...) We should be learning in a more conditional way" (Ms. Langer)
Thanks to the social-engineer.org site for this great podcast!