There’s a fine but clear line between ethical and unethical persuasion, says Joe Gray, a security consultant from the “Advanced Persistent Security” blog and podcast. Gray recently appeared on the CyberWire’s Hacking Humans podcast to discuss the distinction between influence and manipulation.
Influence, he says, is the practice of using fair and honest persuasive tactics to guide someone to a mutually beneficial conclusion through their own free will. Manipulation, on the other hand, uses dishonest, underhanded methods to exploit someone for the advantage of the manipulator, and it has become social engineering:
“I look at it from the perspective of, are they doing this ethically? Are they just trying to hit the high notes and do what they're supposed to do? Or are they going underhanded to try to manipulate? Because I see a distinct difference between influence and manipulation, manipulation being a little bit more on the malicious side, influence being more of the idea of, I'm going to give you this information and have you form the opinion of your own cognition.”
According to Gray, both ethical and unethical persuaders rely heavily on Robert Cialdini’s six principles of persuasion to accomplish their goals. For example, when he wants to establish his credibility, Gray will say he is operating under the authority of some leader in the organization. This is a psychological tactic meant to improve his standing in the mind of the targeted individual and can be used either harmlessly or deceitfully.
When asked what people can do to recognize when someone is trying to manipulate them, Gray replied:
“Be cognizant of what people are asking, even if they're not truly asking. It may be something to build a rapport. I'm not saying go off and be rude to people because that does no one any good. But just be cautious about it. Like, from the perspective of emails, if you get an email that just seems too good to be true or it's unsolicited, it's out of context, it's not the right timing, misspelled words or something, forward it to your information security team or actually reach out to your information security team.”
A large portion of human interaction is persuasion in some form or another. New-school security awareness training can help people resist malicious influence by teaching them to detect when persuasion turns into manipulation.
Hacking Humans has the story: https://thecyberwire.com/podcasts/cw-podcasts-hh-2018-09-13.html