Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

The Humintell Blog March 20, 2012

Guess the Microexpression

Can you find the micro facial expression of emotion in the video below?

A microexpression is an emotional response that often occurs without our conscious awareness and reveals a person’s internal state. It is interesting to see one in an advertising campaign.


Take a look at this Faceology article on analytical interviewing. Page three goes into more depth about this particular ad.

Maggie Pazian writes, “We do not and cannot exactly know the cause of the microexpression without engaging Dr. Tendler [the woman in the video above] in conversation and probing into the topic that appears to have spurred the emotional reaction but there is still important information that we can glean from seeing a microexpression.”

As a side note, the emotion of disgust (as seen in the video above) is one of the seven basic emotions. To learn more about disgust, take a look at this blog article on disgust and disease.

What are your thoughts on this ad as well as microexpression in general?

Filed Under: Nonverbal Behavior

The Social Engineering Blog March 17, 2012

How To Write Phishing Emails That Get Clicked

If you’re doing physical penetration tests or testing the human component of security, it’s inevitable that you’ll come across the need to write some phishing emails.  Here are five elements to get a better click-through-ratio (CTR).

1. The Subject is the Headline

One of the first things that people see in pretty much any email software is the subject line.  This means that the subject line fulfills the same role as the headline in advertising: it pulls the reader in.  Here are some things that have worked well in the past:

  • State the benefit for opening the email. Ever wonder why all those spam emails advertise “Get XXX tonite”? It’s simple: it works.
  • Create curiosity by asking a question.
  • “Break the news.” Studies have shown that advertising in the form of news is read more. Same goes for phishing emails.

2. Make it Easy to Read

This one actually came from Mike Murray. It’s the idea that certain types of writing are easier to read and understand. The easier an email is to read, the more likely it is to be persuasive. So how can you write in a style that’s easier to read? Copyblogger has some good tips. Here are a few others:

  • Learn Basic (British American Scientific International Commercial) English. It’s how to communicate in English using only 850 words (for the most part :P)
  • Spend some time on the “Simple Wikipedia”
  • Check the reading level of your emails with the Flesch-Kincaid Readability Test

3. Look Legit

Phishing emails that have poor grammar, spelling, etc. just look plain fishy.  Emails that don’t look legitimate are less likely to get clicked.  If you’ve ever seen one of the 419 emails you’ll know exactly why.  Make sure you:

  • Use a spell checker (if it makes sense)
  • Verify all links and images work (if you’re using HTML)
  • Look at the message for any “substitution errors” (e.g. “Hello $USER”)

4. Give a Reason to Click

In order for someone to take action you need to give a reason.  The reason can vary, but if you want to increase your chances of success make sure your emails have this element.  Here are some examples:

  • Click here for 101 ways to make money now!
  • Hey, is this picture really of you?
  • You have notifications waiting!

5. Make it Fit

One way to trip suspicion is to send an email that is out of place. Going back to the 419 scam emails, if Prince Njoku of Nigeria sends you an email asking for help to get money out of the country, it just doesn’t make sense. [1]

Much of this will be situation-specific, so this is one place reconnaissance can be useful.  You may want to consider:

  • The environment the target is in: Are they at work, at home, in the coffee shop?
  • How the target reads email: Does their reader support HTML, is it a mobile device?
  • Who the target is: Are they a secretary, a gamer, an IT professional?

Other things you think should be added?  Feel free to leave a comment below.


Notes:

[1] Unless of course you were in the business of helping foreign princes funnel money out of the country.


Filed Under: how to, Phishing, Tactics

The Humintell Blog March 16, 2012

Ask the Expert: Your Questions to Dr. Matsumoto Part 5

Humintell is happy to announce that the “Ask the Expert” series is back, with a fifth edition.

In the past we’ve posted several blogs with your (the viewer’s) questions to Humintell director Dr. Matsumoto and his answers.

Take a look at Part 1, Part 2, Part 3 and Part 4 by clicking on the appropriate links.

Ask your specific question(s) to Dr. Matsumoto in the comments section above. The questions can be related to anything: microexpressions, facial expressions of emotions in general, culture, emotion, nonverbal behavior, reading body language, recent research or detecting deception.

Please no inappropriate questions! Don’t forget we monitor all questions asked on the blog and inappropriate questions will be deleted.

We’ll select certain questions we think are interesting, interview Dr. Matsumoto and post the responses within two weeks.

Thanks for your participation!

For more information on Dr. Matsumoto, visit his website. Don’t forget to follow him on Facebook and Twitter.

Filed Under: Nonverbal Behavior, Science


About

Welcome to an aggregator for blogs about social engineering and related fields. Feel free to take a look around, and make sure to visit the original sites.
