The Language of Social Engineering From Persuasion to Deception

  • 8/18/2019 The Language of Social Engineering From Persuasion to Deception

    1/7

     

    2nd International Seminar on Linguistics,

    West Sumatra 22-23 August 2015

    The Language of Social Engineering:

    From Persuasion to Deception

    Handoko¹ and Dwi Anggreini Waskito Putri²
    ¹ Dharma Andalas University, [email protected]
    ² Padang State University, [email protected]

    ABSTRACT

    Security is one of the most important aspects of the information technology era. Many service providers have put effort into developing secure systems for information technology services. Yet in many cases the vulnerabilities are not in the system but on the human side, in the user. The psychological aspect of humans is the most vulnerable point in security, since it can be manipulated, deceived, and influenced. Social engineering is one of the most prominent techniques for influencing and manipulating human psychology and thought, and it is delivered through language. This research is aimed at analysing the advertisements, pop-ups, and fake emails that are used as media for social engineering. The data, taken from the internet, are items that indicate fake information. The analysis focuses on the linguistic features and signs used in the data. The data are analysed using the pragmatic identity method and the referential identity method. The result of the analysis shows that the deceiver violates the maxim of quality in delivering the message. Besides, the result also shows that the deceiver develops a mental space by employing several main issues to attract the target's attention: sexual interest, financial interest, religious interest, and gaming interest.

    Key Words: social engineering, persuasion, deception, mental space

    1. INTRODUCTION

    Social engineering is widely used by everybody in everyday life. It happens at every level of human life: in government, in small business marketing, and in daily activities. As a communication technique, social engineering can be used in a good or an evil way. The Cambridge Dictionary defines social engineering as the artificial controlling or changing of the groups within society. In a further and more practical definition, social engineering is the act of manipulating or deceiving a person to take an action that may or may not be in the “target’s” best interest. This may include obtaining information, gaining access, or getting the target to take a certain action. It is used in the way teachers interact with their students, and in the way doctors communicate with their patients, lawyers convince the judge, or psychologists obtain information from their clients. It is even used by men to convince their partners in love. In short, social engineering is a social and psychological phenomenon that involves human interaction, from babies to politicians and everyone in between.

    As a technique in interpersonal interaction, social engineering is not just a single, spontaneous action; it covers a collection of actions that includes planning, building the framework, and executing the action. Many people believe that social engineering is more than an action: it is an art of manipulation.

    2. METHOD 

    The data are taken from internet sources that contain information for persuading people, such as pop-ups, banner ads, and emails. The data are collected using the observational method with a note-taking technique. The data are then analysed using the pragmatic identity method and the referential identity method. The research is aimed at figuring out the language strategy used by the deceiver to gather information from the target.

    Studying and analysing social engineering is not as simple as it looks. Since it deals with humans, who are complex and complicated, social engineering involves several fields of study, including linguistics, semiotics, communication, and psychology. In this research, the analysis is focused on the linguistic and semiotic aspects of social engineering. However, in understanding the meaning of the data, some communication and psychological concepts are also used to figure out the relationship between language and deception.

    Persuasion and Deception in the Perspective of Linguistics

    The main goal of social engineering is to get someone to do something. Therefore, it begins with persuasion and ends up with deception. According to the Cambridge English Dictionary, “persuasion” is the action of persuading, where “persuade” is defined as to make someone do or believe something by giving them a good reason to do it or by talking to them and making them believe it, while “deception” comes from “deceive”, which is defined as to persuade someone that something false is the truth; to keep the truth hidden from someone for your own advantage; to trick. In short, persuasion and deception deal with truth, fact, and lying.

    In relation to these concepts, Wierzbicka (2006) places central importance on the evolution of the semantics of “truth,” “fact” and “lying” within Anglo culture. She notes that “truth” and “fact” were often seen as synonymous, but the general acceptance of cultural and societal “white lies” has led to her conclusion that:

        this is not to say that lying is no longer regarded in Anglo culture as something bad, but the meaning of lying appears to have changed – roughly from saying, intentionally, something untrue to saying, intentionally, something untrue and presenting it as information about facts (p. 45).

    By the definition above, deception is an act involving linguistic manipulation, including semantics, pragmatics, and discourse. Wierzbicka constructs a semantic explication for “lying” which is closely related to the notion of “deceiving.” Thus,

        When X said it X was lying. =
        a. X said something like this: “I want you to know that Z” to someone
        b. X knew that Z was not true
        c. X wanted this someone to think that Z was true.
        (Wierzbicka 2006:45)

    Wierzbicka’s semantic explication relies on truth conditions, which deal with the nature of truth in human language production. The truth value of a sentence is whether or not the sentence is true in the actual world.

    In terms of pragmatics, deception can be seen through Grice's concept of conversational implicature, which focuses on the cooperative principle: “Make your conversational contribution such as is required, at the stage at which it occurs, by the accepted purpose or direction of the talk exchange in which you are engaged” (Grice, 1975). Furthermore, Grice elaborates the principle by providing four maxims: quality (truthfulness), quantity (informativeness), relation (relevance) and manner (clarity). Grice concludes that in order to gain truthfulness, people need to maintain the maxims. In other words, it can be assumed that verbal and textual relationships with others need to maintain acceptable standards of truthfulness. In fact, real communication frequently violates the maxims for various reasons, including politeness and manipulation. In many cases, deception is based on violating the maxims. The foundation of deception lies in the potential victim’s assumption of truth. Having established this foundation by simply opening the conversation, the deceiver then manipulates the quality maxim as well as the remaining maxims to their advantage. Moreover, speech act theory (Austin, 1962) and politeness strategy are also important to analyse. Since language is considered an action, the utterance itself consists of three types of action: locutionary (linguistic feature), illocutionary (meaning or intention), and perlocutionary (effect of the utterance). In manipulating people, the speaker has to frame the target through a series of “truths” that lead the target to believe in the primary intention.

    Furthermore, the concept of mental spaces proposed by Fauconnier helps in understanding the relation between language and deception. Fauconnier defines mental spaces as “constructs distinct from linguistic structures but built up in any discourse according to guidelines provided by the linguistic expressions” (Fauconnier, 1994:16). Deception deals with the mental aspect of the targets and is delivered through discourse concerning a certain issue, such as detailed information, a problem, or a virtue of the target. In other words, the deceiver develops a mental space which may influence the target.

    3. DISCUSSION

    As mentioned earlier, many people believe that persuasion is an art which includes organized actions, from information gathering to execution. Information gathering is the first step, and it should be done carefully in order to get as much data as possible concerning the target. The deceiver should know detailed information such as personal information, ability, interest, job, etc. Besides, the deceiver also needs to provide information from a third party that can be used to deceive the target. For example, when the deceiver wants to know about someone, he or she may find information about a third party, such as a company or institution, then gather information concerning what the company does, the product or service of the company, the location of the company, job openings, contact number, executive board, mailing address convention, and other information that can be used to persuade or convince the target. All of this information is important and may help others to conduct further action to exploit the target. In an active attack, in which the deceiver has to lead the target into a certain action, the deceiver has to make the action look as real as possible. Below are several examples of the media that the social engineer uses to gather information about the target.

    The following ad is one of the data items that shows how the deceiver gathers information about the target:

    The picture above is a pop-up which appears when someone visits a certain website or clicks a certain button on a web page. The picture claims that the visitor has won an amount of money. To analyse the advertisement above, it can be divided into 3 parts:

    Part 1. Claim

    Structure:
        Congratulation! You Won! You Won! You Won!
        Claim Your Prize Award Now Up To $2.087.56. You are a Guaranteed Winner of: $2.087.56 cash, $50 SkyAuction Saving Certificate or $10.00 Cash

    Comment:
        This part is an opening message designed with a big, bold font. The utterance tells the visitor that he/she has won an amount of money. The sentence is designed with a simple and attractive structure. The deceiver uses imperative sentences that point directly at the target.

        The second line is highlighted in yellow and provides further detailed information about the amount of money and the source of the prize.

    Part 2. Profiling

    Structure:
        Where do You Want Us to Send Any Prizes You Win?
        Your prize notifications and FreeLotto entry confirmation, daily results and sponsor advertising messages will be sent only by FreeLotto.
        YOUR EMAIL ADDRESS WILL NOT BE SHARED WITH ANYONE

    Comment:
        The second part is the profiling section, which directs the target to fill in the form. This part is the main part and can be considered the intention of the deceiver: to gather the target's personal information. Here the deceiver uses a politeness strategy by not directly asking the target for his/her personal information. The deceiver uses an interrogative sentence, offering a benefit to the target. From the utterance “Where do you want us to send any prize you want?” it can be inferred that the speaker wants to know detailed information about the target.

        The next line consists of information meant to assure the target that they receive special attention from the company's service. This utterance is used for further follow-up, or to deliver the further action that the target needs to take to claim their prize. By doing so, the deceiver ensures that they have the target's trust and that all the information they send to the target's email is believed to be true.

        The last line of the second part is a statement that the speaker, or deceiver, will not share the target's personal information with others. This is an important statement for making the target believe in their security and privacy. However, the utterance carries the implication that the speaker intends to say that their company is trustworthy.

    Part 3. Approval

    Structure:
        Official Rules and FreeLotto Privacy Policy…. By clicking on “click to release your winning” below, I acknowledge that I have read Sweepstake Rules & FreeLotto Term of Use Agreement and agree to be bound by it.
        After you process your claim you will have joined FreeLotto where you’ll get a free chance to winning over $11 million in daily prizes. We’ve already awarded over $93 million in prizes, and you can become our next millionaire!
        Approval stamp

    Comment:
        The last part of the ad is the approval part, which provides information about the terms and conditions for privacy and policy. This information is given in a long sentence. Generally, people on the internet rarely read the privacy policy. It is delivered in a long sentence in order to make the target confused and neglect the policy. By doing so, the deceiver makes sure that the target ignores the information and carries out the following action.

        The next line is a confirmation of the speaker's offer that they will award the target an amount of money when the button is clicked. Here the speaker pushes the target to press the button. In fact, the button directs the target to a further information-gathering process, and in many cases the button is linked to a download of malware, viruses, and trojans which may be used for further exploitation.

        The last line is the convincing part, which provides the target with an official approval stamp. This is to give the target the mental image that the notification is legal and true.

    The analysis above shows that the deceiver uses persuasive language by applying three layers. First is the claim part, which aims at catching the target's attention with imperative sentences and a big, bold font. The deceiver uses an imperative sentence as a direct statement that leads the target to a feeling of excitement. The deceiver also applies a repetition technique in order to reinforce the meaning. Applying Fauconnier’s theory, it can be seen that repetition creates a mental space in the target's mind. The actual truth conditions exist within the mental space constructed by the language used in the ad. The deceiver’s communicative skill aims to construct the mental space through discourse in such a way that it can be accepted by the target as the actual world or a convincing truth. In order to convince the target, the deceiver provides details including the policy, the prizes that have been awarded to winners, and an official signature and stamp.
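The three-layer structure identified above (claim, profiling, approval) can be used as a defensive text check on pop-up or email wording. The following Python code is an added example, not part of the original paper; the cue patterns and function names are assumptions chosen for illustration, the first sample is an abridged copy of the pop-up wording quoted in the table, and the second sample is constructed.

```python
import re
from collections import Counter

# Cue patterns per layer, following the paper's Claim / Profiling / Approval split.
# The specific regexes are assumptions made for this illustration.
LAYER_CUES = {
    "claim": {
        "win_assertion": r"\byou(?:'ve| have)? won\b|\bguaranteed winner\b",
        "money_amount": r"\$\s?\d[\d.,]*",
        "imperative_claim": r"\bclaim your\b",
    },
    "profiling": {
        "indirect_data_request": r"\bwhere do you want us to send\b",
        "contact_field": r"\be-?mail address\b",
        "privacy_reassurance": r"\bwill not be shared\b",
    },
    "approval": {
        "click_consent": r"\bby clicking\b",
        "bound_by_terms": r"\bagree to be bound\b|\bi acknowledge\b",
        "official_framing": r"\bofficial rules\b|\bapproval stamp\b",
    },
}

def repeated_exclamations(text):
    """Return exclamations that occur more than once (the repetition device)."""
    shouts = [s.strip().lower() for s in re.findall(r"[^.!?\n]+!", text)]
    return sorted(s for s, n in Counter(shouts).items() if n > 1)

def analyze_layers(text):
    """Map each layer to the names of the cues found in the text."""
    lowered = text.lower()
    found = {layer: [name for name, pat in cues.items() if re.search(pat, lowered)]
             for layer, cues in LAYER_CUES.items()}
    if repeated_exclamations(text):
        found["claim"].append("repetition")
    return found

def is_three_layer_lure(text):
    """True only when claim, profiling and approval cues all appear together."""
    return all(analyze_layers(text).values())

# Pop-up wording as quoted in the table above (abridged).
POPUP = """Congratulation! You Won! You Won! You Won!
Claim Your Prize Award Now Up To $2.087.56. You are a Guaranteed Winner.
Where do You Want Us to Send Any Prizes You Win?
YOUR EMAIL ADDRESS WILL NOT BE SHARED WITH ANYONE
Official Rules and FreeLotto Privacy Policy.
By clicking on "click to release your winning" below, I acknowledge that I
have read Sweepstake Rules and agree to be bound by it."""

# Constructed benign notice for contrast.
BENIGN = "Your order has shipped. Track it from your account page."

if __name__ == "__main__":
    for label, sample in (("popup", POPUP), ("benign", BENIGN)):
        print(label, analyze_layers(sample), is_three_layer_lure(sample))
```

A message that shows only one layer, such as a bare prize claim, is reported per layer but not flagged as the full pattern, which keeps ordinary marketing text from being treated the same as a lure that also asks for personal data and consent.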

    By analysing the ad carefully, it can be inferred that the main intention of the deceiver is not yet to exploit the target. The first part of the ad is the attention catcher, which creates mental attention in the target’s mind. The next part is profiling, which gathers the target's personal information. This information will be used for the next attack, either by using fake email or by using the information for password cracking, hacking social media accounts, or sending pornographic links.

    Furthermore, the button also has an important role in directing the target to a further attack. The site that the button jumps to will expose the target to malicious code, viruses, malware, or trojans. This dangerous code will be injected into the target's computer or embedded in the browser. By doing so, the deceiver makes sure that they have full access to the target or victim. It can be seen in the ad that the button is designed with a simple directive sentence, “Click to Release Your Winning”. Using pragmatic analysis, the meaning and the intention of the deceiver can be discovered.

        Locutionary act   : “Click to Release Your Winning”
        Illocutionary act : Give us your personal information and password
        Perlocutionary    : The target gives their personal information and password

    Here, the deceiver violates the maxim of quality, which is indicated by the truth condition. The button is not for claiming the prize but for leading the target to register or sign up for a site. If the target clicks the button and provides their personal information, the deceiver will harvest information such as email, password, phone number, address, and other important information. The target realizes that the offer is limited, so they click on it as soon as they get the pop-up ad, which more than likely is at work. The following email is one of the further social engineering methods that the deceiver uses to manipulate the target.

    Analyze that email. First, it contains an offer that would attract the present

    This email is received by the target when they register or sign up for the website. The email is used to direct the target to provide detailed information and to make sure that the target has been convinced by the ad. Here, the deceiver carries out a series of actions and persuasion to gather information about the target or victim.

    After analysing the data, it can be found that there are main issues used to persuade and deceive the targets. Among others, the issues are related to:

    1. Sexual interest
    2. Financial interest
    3. Religious interest
    4. Gaming interest

    These are the four main issues used by the deceiver to gather information and to exploit the victim's resources and security.

    4. CONCLUSION

    Language is a powerful tool for influencing people. It can be used in a good way or an evil way. The research shows that language can be used as a tool to exploit people and take advantage of the victim's vulnerabilities. Social engineering is a language skill for finding or discovering people's weaknesses and then using them to take advantage of the victim. The deceiver violates the truth condition or maxim in order to develop a mental space in the target's mind and make them accept the truth that the deceiver sends. There are several issues used by the deceiver to exploit the victim: sexual interest, financial interest, religious interest, and gaming interest.

    REFERENCES

    Austin, John L. (1962). How to Do Things with Words. Harvard: Harvard University Press.

    Bilgrami, Akeel. (1992). Belief and meaning: the unity and locality of mental content. Cambridge: Blackwell Publishers.

    Boush, David M., Marian Friestad, and Peter Wright. (2009). Deception in the marketplace: the psychology of deceptive persuasion and consumer self protection. New York: Routledge.

    Cull, Nicholas J., David Culbert, and David Welch. (2003). Propaganda and Mass Persuasion: a Historical Encyclopedia. 1500 to the present. ABC-CLIO: California.

    Ekman, Paul. (2003). Unmasking the face. Malors Book: Cambridge.

    Fauconnier, Gilles. (1994). Mental Spaces: Aspects of Meaning Construction in Natural Language. Cambridge: Cambridge University Press.

    Grice, Paul. (1975). Logic and Conversation. In Cole, P., and J.L. Morgan, eds. Speech Acts. New York: Academic Press, 41–58.

    Hadnagy, Christopher. (2011). Social Engineering: The Art of Human Hacking. Indianapolis: Wiley Publishing.

    Hogan, Kevin. (1996). The psychology of persuasion: how to persuade others to your way of thinking. Louisiana: Pelican Publishing Company.

    Pietarinen, Ahti-Veikko (ed). (2007). Game Theory and Linguistic Meaning. Elsevier: Amsterdam.

    Bandler, Richard, and John Grinder. (1975). The Structure of Magic. Science and Behavior Books: California.

    Wierzbicka, Anna. (2006). English: Meaning and Culture. Oxford: Oxford University Press.