Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

The Social Engineering Blog June 14, 2012

Facial Action Coding System FAQs

The Facial Action Coding System (FACS) is an incredibly useful tool when it comes to dealing with the face.  Despite its utility, FACS is widely misunderstood.   This post answers some of the common questions about FACS.

What is the Facial Action Coding System (FACS)?

The Facial Action Coding System is a scientific system designed to measure facial behaviors.  Facial behaviors include individual facial movements such as pulling the eyebrows up, as well as more general facial activities like turns and tilts of the head. 1

How is FACS Used?

FACS can be used for several different things such as:

Describing expressions of emotion
Distinguishing between suicidal and non-suicidal patients 2
Predicting the onset and remission of depression 3
Creating computer-generated animations 4

What is the Relationship Between FACS and Facial Expressions?

To understand how FACS and facial expressions relate, you need to know what facial expressions really are.  Facial expressions are the way the face changes as a result of one or more facial movements (or more accurately, facial behaviors.) 5

FACS on the other hand is a system for measuring and describing one or more facial movements.  Since a facial expression is composed of facial movements, FACS is a way to accurately describe the movements in a facial expression.

What is the Relationship Between FACS and Emotions?

This is one area where there is a lot of misinformation floating around the internet.  To understand how FACS and emotions relate, you first need to understand how emotions relate to facial expressions.

There are seven emotional categories that have been scientifically proven to be universally recognizable. 6  These universally recognizable emotion categories (called the basic emotions) are associated with specific sets of facial expressions. 7

For example, expressions of surprise are associated with the following movements:

The entire eyebrow is pulled up
The upper eyelids are pulled up
The mouth is opened

Since the basic emotions are associated with specific facial expressions, FACS can be used to accurately describe these expressions of emotion.

A very common misconception is that FACS is related to reading emotions.  The problem with this is that FACS is just a measurement system, and does not interpret the meaning of the movements.  It’s sort of like saying the purpose of driving a car is to go to the grocery store.  You can use a car to go to the grocery store, but driving in and of itself can be used for several different things (e.g. driving to the movies, going across country, etc.)

Some sources incorrectly assume that FACS includes emotional interpretation.  I suspect this is because they are confusing the FACS manual with the FACS Investigator’s Guide.

The FACS manual is what a FACS coder uses to learn FACS, and as a reference for coding.  The FACS Investigator’s guide contains information such as reliability studies, how FACS compares to other measurement systems, etc.  The FACS Investigator’s guide does briefly mention possible emotional interpretations for specific FACS codings, with this caveat in the preface:

It would be ideal if the person coding facial actions did not think about the possible meaning of the behavior he scores, but focused only on describing appearance. Information about the meaning of facial behavior has been kept out of the Manual and is mentioned only in this Guide. 8

What is the Relationship Between FACS and Microexpressions?

Another common misconception about FACS is in regards to microexpressions.  A microexpression is a brief (no more than 0.5 seconds) display of one of the seven basic emotions.  So a microexpression is really nothing more than a facial expression of emotion.  Granted it is very brief, but it’s still just a facial expression.

So the relationship between FACS and microexpressions is the same as the one between FACS and facial expressions: FACS can be used to describe the facial expressions that constitute a microexpression, but FACS in and of itself isn’t about microexpressions.

Should I Learn FACS?

The question as to whether or not you should learn FACS is really about what you want to do, and the amount of effort you are willing to invest.

If you just want to get better at recognizing emotions, then FACS is probably overkill.  Instead you should consider taking microexpression training.  However if you need to be able to discern fine facial movements, then FACS is the best option.

Another thing to consider is how much time you are willing to invest.  The average person will spend at least 100 hours studying the FACS manual, and then about 12 hours to take the FACS certification.  To compare, microexpression training usually takes about an hour.

So if you want to be better at recognizing emotions, stick with microexpression training.  If however you want to be an expert on the face, then becoming a FACS certified coder is what you need to do.

Notes:

1. http://www.face-and-emotion.com/dataface/facs/new_version.jsp
2. http://www.facscodinggroup.com/about/facs
3. http://www.facscodinggroup.com/about/facs
4. FACSGen 2.0
5. What Are Facial Expressions?
6. Three Mistakes People Make about the 7 Basic Emotions
7. People sometimes mistake universally recognized to mean universally experienced.  While the basic emotions are universally experienced, they are not the only ones.  Rather basic emotions are the only universally experienced emotions that are also associated with universally recognized facial expressions.
8. The FACS Investigator’s Guide

Further reading:

The Facial Action Coding System Explained
Five Tips for Reading Facial Expressions
The Truth About Microexpressions


Filed Under: Nonverbal Behavior

The Social Engineering Blog March 21, 2012

How DMARC Combats Phishing

Interesting infographic from the Marketing Tech Blog about how DMARC (Domain-based Message Authentication, Reporting and Conformance) approaches phishing.

[Image: DMARC Infographic]

Further reading:

How To Write Phishing Emails That Get Clicked


Filed Under: Phishing

The Social Engineering Blog March 17, 2012

How To Write Phishing Emails That Get Clicked

If you’re doing physical penetration tests or testing the human component of security, it’s inevitable that you’ll come across the need to write some phishing emails.  Here are five elements to get a better click-through-ratio (CTR).

1. The Subject is the Headline

One of the first things that people see in pretty much any email software is the subject line.  This means that the subject line fulfills the same role as the headline in advertising: it pulls the reader in.  Here are some things that have worked well in the past:

State the benefit for opening the email.  Ever wonder why all those spam emails advertise “Get XXX tonite”?  It’s simple: it works.
Create curiosity by asking a question.
“Break the news.”  Studies have shown that advertising in the form of news is read more.  Same goes for phishing emails.

2. Make it Easy to Read

This one actually came from Mike Murray. It’s the idea that certain types of writing are easier to read and understand.  The easier an email is to read, the more likely it is to be persuasive.  So how can you write in a style that’s easier to read?  Copyblogger has some good tips.   Here are a few others:

Learn Basic (British American Scientific International Commercial) English.  It’s how to communicate in English using only 850 words (for the most part :P)
Spend some time on the “Simple Wikipedia”
Check the reading level of your emails with the Flesch-Kincaid Readability Test

3. Look Legit

Phishing emails that have poor grammar, spelling, etc. just look plain fishy.  Emails that don’t look legitimate are less likely to get clicked.  If you’ve ever seen one of the 419 emails you’ll know exactly why.  Make sure you:

Use a spell checker (if it makes sense)
Verify all links and images work (if you’re using HTML)
Look at the message for any “substitution errors” (e.g. “Hello $USER”)

4. Give a Reason to Click

In order for someone to take action you need to give a reason.  The reason can vary, but if you want to increase your chances of success make sure your emails have this element.  Here are some examples:

Click here for 101 ways to make money now!
Hey, is this picture really of you?
You have notifications waiting!

5. Make it Fit

One way to trip suspicion is to send an email that is out of place.  Going back to the 419 scam emails, if Prince Njoku of Nigeria sends you an email asking for help to get money out of the country, it just doesn’t make sense. 1

Much of this will be situation-specific, so this is one place reconnaissance can be useful.  You may want to consider:

The environment the target is in:  Are they at work, at home, in the coffee shop?
How the target reads email: Does their reader support HTML, is it a mobile device?
Who the target is:  Are they a secretary, a gamer, an IT professional?

Other things you think should be added?  Feel free to leave a comment below.

Notes:

1. Unless of course you were in the business of helping foreign princes funnel money out of the country.


Filed Under: how to, Phishing, Tactics

About

Welcome to an aggregator for blogs about social engineering and related fields. Feel free to take a look around, and make sure to visit the original sites.

© Copyright 2025 Social Engineering Blogs · All Rights Reserved ·