People often fear failure or disobeying authority, and attackers exploit this fear to coerce compliance. For instance, they may impersonate the company director to request sensitive information. If a social media update reveals the director is on vacation, it creates an ideal scenario for the attack.
The victim may hesitate to question the director’s authority, making it harder to verify the request while the director is away.
Reciprocation involves responding to someone’s kindness with a similar gesture.
For instance, if someone holds the door open for you as you enter your office building, you may feel inclined to hold the next door for them in return. This could lead to a situation where you hold open a door that requires access control, prompting you to let the person in without verifying their credentials. This behavior is known as tailgating.
Humans are naturally curious. If you found a USB stick on the ground outside your office, would you plug it in? Especially if it was labeled “Salary Information – Current Updates”?
An attacker could strategically drop multiple malicious USB sticks in areas frequented by employees, hoping someone will connect them. These documents may contain harmful macros, exploits, or trick users into compromising their own security.