Mind games: how social engineers win your confidence

Brian Brushwood, founder of Scam School, demonstrates the four simple psychological mechanisms underlying social engineering mind games.

Social engineering and mind games expert Brian Brushwood has not come by his knowledge in the traditional manner of school or business training. Brushwood is the host of the Internet video series Scam School, a show he describes as dedicated to social engineering in the bar and on the street.

In addition to his passion for teaching people about social engineering cons, Brushwood is also a touring magician who frequently performs on college campuses and has appeared on the Tonight Show. He first became interested in social engineering years ago as a means to enhance his performance and pull off secret moves successfully. Brushwood said his understanding and use of the term social engineering goes beyond the security industry perception.

"When I use the phrase, I am actually talking about an older version of it. Social engineering just basically means the application of social science to the solution of social problems," he said. "In other words, it's getting people to do what you want by using certain sociological principles."

Also read 9 Dirty Tricks: Social Engineers' Favorite Pick-Up Lines

These days, Brushwood uses social engineering techniques so frequently he admits it is sometime hard to "turn it off." Here Brushwood explains the four basic psychological tactics social engineers use to gain trust and get what they want, and how security pros can arm their staff against this type of deception.

1. Social engineers are confident and in control of the conversation

According to Brushwood, one of the first steps to pulling off something deceptive is to act confident. For example, someone trying to get into a secure building might forge a badge or pretend to be from a service company. The key to getting in without being challenged is to simply act like you belong there and that you have nothing to hide. Conveying confidence with body posture puts others at ease.

"People running concert security often aren't even looking for badges," said Brushwood. "They are looking for posture. They can always tell who is a fan trying to sneak back and catch a glimpse of the star and who is working the event because they seem like they belong there." (See how this tactic played into another scammer's attempt to get into the Super Bowl for a massive prank.)

Another way to gain the upper hand is to seem in charge through conversation, said Brushwood.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags social engineering

More about Xerox

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Joan Goodchild

Latest Videos

More videos

Blog Posts