The Trust Equation
Trust forms the foundation of all social engineering attacks. Understanding how trust is built and exploited helps in developing defenses:
Building False Trust:
- Familiarity: Using known names, referencing mutual connections, or demonstrating knowledge of internal processes
- Professional Appearance: Well-crafted communications, official-looking documents, and appropriate jargon
- Gradual Escalation: Starting with innocuous requests before moving to sensitive ones
- Social Validation: Providing references or testimonials that supposedly come from other satisfied people
- Reciprocal Disclosure: Sharing "confidential" information to encourage reciprocal sharing
Trust Indicators Exploited:
- Official logos and branding
- Professional email signatures
- Technical terminology and acronyms
- Reference numbers and case IDs
- Callback numbers and physical addresses