by Natsuya Uesugi
The success of a social engineering mission to gather information from a target is closely tied to how the target responds to you. If you are speaking with the target and trying to get them to give you information or take an action that will be beneficial to your goal you will need to be able to read the target’s emotions. This can be done through microexpressions or subtle facial movements. People react based on their emotions, our body language and facial movements reflect how we feel. For example a real smile can be discerned from a fake smile by reading the expression. You want to make sure when you are in a social engineering encounter that you can read your target accurately.
The FBI, law enforcement and even lawyers are trained in reading facial expressions. You can watch people react and know if they are telling the truth and what they are feeling. Like mentioned earlier a fake smile looks different than a real one and can usually be discerned by the placement of the eyes in the expression. In a real smile the eyes are narrower where in an expression of anger the eyes are glaring forward so they stare through you.
The main expressions that we display in facial movements are a few in number but I wanted to talk about anger, sadness and surprise as well as happiness. Anger and contempt can be a sure sign that our social engineering tact is not working and we need to back down and back out of the situation. Surprise can possibly be a better expression and can get the target to take an action, kind of like fear. If the target is afraid something might happen the social engineer can play on those fears and potentially get the target to warm up to the goal.
Sadness on the other hand is a tactic that we sometime see in movies and in commercials on TV. We have all seen the animal cruelty commercials or the starving children in underdeveloped countries and the commercials try to get you to react to help. These commercials might cause a reaction of sadness and get you to pick up the phone and pledge money to help a child find food or shelter. This is just another example of playing on a target’s emotions.
A social engineer who is trying to elicit a reaction from a target should be able to read the target’s body language as the interaction is happening to let them know the success or failure of the ruse. If a negative reaction is encountered which is seen in the person’s face which is an automatic reaction based on their emotions which is not easily faked, the social engineer can gauge the conversation.
These miniscule movements of the facial muscles like the raising of the eyebrows in surprise or the tightening of the lips in anger are natural and go across cultures, they can be seen around the world. If your target is warming up to the social engineer’s story this will be visible in their facial expressions.
Social engineers like car salesman and psychologists have to be able to read their target and adjust their message accordingly to get the right reaction that will lead to the goal. A psychologist will have the best interest most likely of the target at heart where the car salesman is trying to sell the latest model of car. The purpose might be different but it is all social engineering. Facial expressions are a telltale sign of how a person is feeling and can be a good way of determining if the interaction is going well or not.
Microexpressions are just another tool that a social engineer has in their toolkit when they are striving towards the goal of information gathering.