Social Engineering — How Hackers Manipulate Passwords

What would you say if someone walked up to you and asked for your email password? You would probably immediately say no, even if you knew the person. You may allow only your most intimate associate, such as a mate, to have that information. So how do hackers manipulate people into giving out login credentials on a daily basis? Welcome to the world of social engineering.

Social Engineering: Infiltration Doesn’t Come Cheap

It can be expensive and time consuming for a hacker to develop a way into a secure system. It is far easier to manipulate someone into giving away his credentials. Not easy, just easier.

That’s why psychologists studied 1,208 individuals to learn some of the methods that prove to be effective in getting a person to reveal login information.

One of the methods used in the study was to give the user a reward. After first receiving a piece of chocolate, half of the users were asked for passwords during an interview. Others were asked about the password first, and then given the chocolate when the interview was over (fair is fair).

Over 43% who received the chocolate first were willing to give away login credentials. In fact, almost half of people who were given the chocolate immediately—before being asked the question—gave away their password, while just under 40% caved when the reward was provided early in the interview, and long before the question was asked.

People Cave to the Idea of Reciprocity

When an incentive is provided, many people reciprocate without considering whether the trade is equal. Even the timing of the reward or gift is crucial to how likely a person is to respond. Don’t get us wrong—nearly 1 in 3 people in the control group gave out their credentials without any “gift,”—but a reward increases the likelihood of a positive response. Clearly, the reward does not have to be much.

Knowing this, calls for employee training that encourages your staff members not to trust freebies online, especially if there is something required in return. Employees need to be taught never to share passwords.