SlideShare una empresa de Scribd logo

Social Engineering: Frames and Frame Control

Social Exploits
Social Exploits
TecnologíaEmpresariales
1 de 23
Social Engineering: Frames, Framing, and Frame Control Mike Murr mike@socialexploits.com http://www.socialexploits.com http://www.twitter.com/SocialExploits
What This Talk is About • Framing – Constructs used to give meaning to information – Defining the current situation (“here and now”) – Cognitive context • Fundamental to social engineering – Control the frame, control the meaning of an interaction – Messages are dependent on meaning • And consequently emotions • A hacker stole your PII, We lost your PII, Your PII was lost Social Engineering: Framing and Frame Control – © Social Exploits 2010 2
Social Engineering • Social engineering is persuasion – Goal is to affect behavior – Increase likelihood of compliance – More than pretending to be help desk – Not reconnaissance • This is not mind control – Nothing is 100% effective, always have free will – People can accept or reject frames – Still highly effective though • Ethics (is a relative term) – These are tools – How you use the tools is your decision – Reflection of character – Personal responsibility Social Engineering: Framing and Frame Control – © Social Exploits 2010 3
Frames • Frames are constructs used to give meaning – Personal interpretation – Highlight certain aspects, ignore others – Each person has their own • Frame constructs (not exhaustive) – Beliefs • “Design” of the frame • Cultural, Biological, Life Experience – Mental models of reality • Help organize thoughts, set expectations • Defines boundaries (what is emphasized and ignored) • Form the “shape” of the frame • A representation / implementation of beliefs Social Engineering: Framing and Frame Control – © Social Exploits 2010 4
Framing • Framing (to frame, set a frame, etc.) – Asserting a frame – Persuade others to accept our frame over theirs • Metaframe – Focused more on underlying aspects of situation (or beliefs) – Also known as master frames • Reframe – Assert a new frame over an existing frame • People often play frame games – Get others to accept / understand a frame – Can relate to power or influence (controlling meaning) – Natural part of interpersonal communication Social Engineering: Framing and Frame Control – © Social Exploits 2010 5
Communicating a Frame • 3 major components – Linguistic, paralinguistic, nonverbals • Nonverbals (and paralinguistic) are key – Play a majority role of a message’s influence • Often trusted more than verbal • More difficult to fake – Various tactics to hold attention • What we focus on sets the frame • Strong facial expressions • Varied tone / tempo • Hand gestures / movement (esp. large ones) Social Engineering: Framing and Frame Control – © Social Exploits 2010 6
Sources for Frames • Useful for identifying elements of influential frames • Cultural – Collectivist vs. individualist – Familiar ideas and concepts • Biological – Primal and evolutionary motivations – Strong emphasis around survival and replication • Mental models – Pay attention to what people say (and how they say it) – Note attributes / properties / characteristics Social Engineering: Framing and Frame Control – © Social Exploits 2010 7
Linguistic Tools (1) Social Engineering: Framing and Frame Control – © Social Exploits 2010 8 Relating Frames Metaphors • Frames resemble each other (not literally) • A firewall is a security guard at the front door Analogies • Useful for emphasizing similarities • Frames elements are similar • Can be used to suggest agreements in areas not explicitly stated • An IDS is like a “computer burglar alarm” Contrast • Useful for emphasizing differences • Frames do not agree • Can be used as motivation / rationale for new behavior • Unlike an IDS which can only detect, an IPS can block traffic
Linguistic Tools (2) Social Engineering: Framing and Frame Control – © Social Exploits 2010 9 Framing Content Feeling • Describes frames in terms of emotions • I hate a poorly tuned IDS Stories • Uses a narrative to set the frame • Often has a theme or metaphor basis • Tell a story about how an IDS prevent an incident and saved $$$ Spin • Describes a frame in terms of positive or negative • Similar to emotional valence • An IPS is a great way to detect and respond to incidents Jargon • Describes a frame using familiar terminology • Using terms such as Asset Value, ALE, SLE, ROI, etc.
Linguistic Tools (3) Social Engineering: Framing and Frame Control – © Social Exploits 2010 10 Framing Structure Argument • Frame in terms of rationale • Supported by evidence • Our anti-virus costs the least, offers the most features Categorizing • Describe frame in terms of included or excluded categories • This isn’t your parent’s anti-virus, it’s enterprise grade Repetition • Emphasize aspects of frame by repeating specific elements • Protect, Protect, Protect, that’s what our anti-virus does for your data Lists • Organize content into easy to remember chunks • Often three elements • We can sum up our anti-virus in three words: Safe, Fast, Reliable
Useful Frames: Interpersonal Social Engineering: Framing and Frame Control – © Social Exploits 2010 11 Being helpful • You are helping them • Offer help • They are helpful people • Ask them to help you out Avoiding blame • Provides emotional justification for behavior • Can make accepting related frames easier Team members • Working towards a common goal • Can solidify using “us vs. them”
Useful Frames: “Cialdini 6” Social Engineering: Framing and Frame Control – © Social Exploits 2010 12 •Tend to be influenced by authority positions •Vendor XYZ is the international leader in host-based IDS Authority •We tend to be influenced by those we like •Sales person identifies similar hobbies / interests Liking •Looking to others to determine correct behavior •Government agencies worldwide use our software Social Proof •Value is tied to (lack of) availability •Only available to select enterprise customers Scarcity •Obligation to return what others provide (favors) •Vendor buys lunch Reciprocity •Pressure to remain consistent with prior commitments •You’ve already stated information protection is a top concern Commitment and Consistency
Useful Frames: General Social Engineering: Framing and Frame Control – © Social Exploits 2010 13 Simplifying • Reduce complexity • Easier to understand Loss Aversion • Loss is a stronger motivator than potential to gain • Depends on relative value Credibility • Increases believability • Emphasis on truth and what is real Certainty • People crave certainty • Provides stability, clarity • Increases trust • Facilitates rapport • Reduces unknown
Frame Warfare (1) Social Engineering: Framing and Frame Control – © Social Exploits 2010 14 • Understand a person’s interpretation • Doesn’t guarantee acceptance of a frame Acknowledging a frame • Hold an interpretation as true • Leads to persuasion • Implies understanding a frame Accepting a frame • Refuse to accept an interpretation as true • May or may not understand a frame Rejecting (denying) a frame
Frame Warfare (2) Social Engineering: Framing and Frame Control – © Social Exploits 2010 15 • Merge interpretations together • Accepting one can lead to accepting the other • This is an art Combining frames • Link interpretations together • Frames agree and are related • Traditionally associated w/politics • Useful for transitioning frames • Useful for behavior motivation Aligning frames
Frame Alignment Patterns Social Engineering: Framing and Frame Control – © Social Exploits 2010 16 Bridging •Frames are similar in basis, different in specifics •Data theft is on the rise, maintain personal freedom, buy our id. product Amplification •Increase focus or emphasis on what is important •Simultaneously decreases emphasis on other points •Provide a safe learning environment for your family, buy our firewall Extension •Increase the “boundaries” of the frame •This anti-virus can help protect your id. by stopping malware Transformation •Use existing elements with a new frame •Change frame by replacing meaning of elements •This “little malware incident” demonstrates people are the cause of problems •They can’t be trusted •Our IPS fixes human problems
Reframing Patterns (1) Change intent behind behavior • Remove a firewall rule to facilitate a business process Redefine by using similar words • Different meaning / implication • Data theft vs. data loss Change specificity (chunk size) • Increase • Our detection mechanisms alerted us in real time • Decrease • On the whole, this is part of the cost of running a business Social Engineering: Framing and Frame Control – © Social Exploits 2010 17
Reframing Patterns (2) Change context • Changing scope / size • Only lost information on 1% of our customers • Changing environment • Data was copied from one machine to another • Change role / perspective • We are helping protect our customers by working with law enforcement to help locate, arrest, and convict the suspect Alternating Frames • Switch between frames • Meet unrelated / opposite goals • Blame someone else, and accept responsibility Social Engineering: Framing and Frame Control – © Social Exploits 2010 18
Building Your Framing Skills Understanding •Reading •Thinking •General learning Observation •Observe and analyze your and others’ frames Priming • Mental preparation • Conscious thought influences unconscious response Infield Work • Assert frames • Assess reactions and changes Reflection • Keep a journal • Look for patterns Social Engineering: Framing and Frame Control – © Social Exploits 2010 19
Parting Thoughts • Useful beyond just social engineering – Interpersonal communication – Vital component of leadership • “Through framing, we create the realities to which we must then respond” – Fairhurst 2010 Social Engineering: Framing and Frame Control – © Social Exploits 2010 20
Books (1) • The Power of Framing (Fairhurst) • Introducing NLP (O’Connor) • Sleight of Mouth (Dilts) • Mind-Lines (Hall) • Influence: Science and Practice (Cialdini) Social Engineering: Framing and Frame Control – © Social Exploits 2010 21
Books (2) Social Engineering: Framing and Frame Control – © Social Exploits 2010 22
Questions? • Feel free to email me at mike@socialexploits.com • Blog: www.socialexploits.com • Twitter: twitter.com/SocialExploits • Upcoming conferences – Next conference: SANS London 2010 Social Engineering: Framing and Frame Control – © Social Exploits 2010 23

Recomendados

Gap Analysis Methods And Models Powerpoint Presentation Slides
Gap Analysis Methods And Models Powerpoint Presentation SlidesGap Analysis Methods And Models Powerpoint Presentation Slides
Gap Analysis Methods And Models Powerpoint Presentation SlidesSlideTeam
 
Short Term And Long Term Planning PowerPoint Presentation Slides
Short Term And Long Term Planning PowerPoint Presentation Slides Short Term And Long Term Planning PowerPoint Presentation Slides
Short Term And Long Term Planning PowerPoint Presentation Slides SlideTeam
 
Business Alignment PowerPoint Presentation Slides
Business Alignment PowerPoint Presentation SlidesBusiness Alignment PowerPoint Presentation Slides
Business Alignment PowerPoint Presentation SlidesSlideTeam
 
Business Proposal For Venture Capital Powerpoint Presentation Slides
Business Proposal For Venture Capital Powerpoint Presentation SlidesBusiness Proposal For Venture Capital Powerpoint Presentation Slides
Business Proposal For Venture Capital Powerpoint Presentation SlidesSlideTeam
 
Self discipline
Self disciplineSelf discipline
Self disciplineVikrant Sirohi
 
List Of Achievements PowerPoint Presentation Slides
List Of Achievements PowerPoint Presentation SlidesList Of Achievements PowerPoint Presentation Slides
List Of Achievements PowerPoint Presentation SlidesSlideTeam
 
Systems thinking
Systems thinkingSystems thinking
Systems thinkingMaripaz Señorita
 
051104_The_Minto_Pyramid_Principle.pdf
051104_The_Minto_Pyramid_Principle.pdf051104_The_Minto_Pyramid_Principle.pdf
051104_The_Minto_Pyramid_Principle.pdfssuser8c8e25
 

Recomendados

Gap Analysis Methods And Models Powerpoint Presentation Slides
Gap Analysis Methods And Models Powerpoint Presentation SlidesGap Analysis Methods And Models Powerpoint Presentation Slides
Gap Analysis Methods And Models Powerpoint Presentation SlidesSlideTeam
 
Short Term And Long Term Planning PowerPoint Presentation Slides
Short Term And Long Term Planning PowerPoint Presentation Slides Short Term And Long Term Planning PowerPoint Presentation Slides
Short Term And Long Term Planning PowerPoint Presentation Slides SlideTeam
 
Business Alignment PowerPoint Presentation Slides
Business Alignment PowerPoint Presentation SlidesBusiness Alignment PowerPoint Presentation Slides
Business Alignment PowerPoint Presentation SlidesSlideTeam
 
Business Proposal For Venture Capital Powerpoint Presentation Slides
Business Proposal For Venture Capital Powerpoint Presentation SlidesBusiness Proposal For Venture Capital Powerpoint Presentation Slides
Business Proposal For Venture Capital Powerpoint Presentation SlidesSlideTeam
 
Self discipline
Self disciplineSelf discipline
Self disciplineVikrant Sirohi
 
List Of Achievements PowerPoint Presentation Slides
List Of Achievements PowerPoint Presentation SlidesList Of Achievements PowerPoint Presentation Slides
List Of Achievements PowerPoint Presentation SlidesSlideTeam
 
Systems thinking
Systems thinkingSystems thinking
Systems thinkingMaripaz Señorita
 
051104_The_Minto_Pyramid_Principle.pdf
051104_The_Minto_Pyramid_Principle.pdf051104_The_Minto_Pyramid_Principle.pdf
051104_The_Minto_Pyramid_Principle.pdfssuser8c8e25
 
Example Presentation About Myself Interview PPT PowerPoint Presentation Slides
Example Presentation About Myself Interview PPT PowerPoint Presentation SlidesExample Presentation About Myself Interview PPT PowerPoint Presentation Slides
Example Presentation About Myself Interview PPT PowerPoint Presentation SlidesSlideTeam
 
Top 100 Diagrams in Editable Powerpoint
Top 100 Diagrams in Editable PowerpointTop 100 Diagrams in Editable Powerpoint
Top 100 Diagrams in Editable PowerpointAurelien Domont, MBA
 
Design Tools for Systems Thinking
Design Tools for Systems ThinkingDesign Tools for Systems Thinking
Design Tools for Systems ThinkingPeter Vermaercke
 
Mental models (The Fifth Discipline)
Mental models (The Fifth Discipline)Mental models (The Fifth Discipline)
Mental models (The Fifth Discipline)Ruhi Beri
 
Introduction to Systems Thinking
Introduction to Systems ThinkingIntroduction to Systems Thinking
Introduction to Systems ThinkingAcquate
 
Audit Of Business Systems With Checklist Powerpoint Complete Deck
Audit Of Business Systems With Checklist Powerpoint Complete DeckAudit Of Business Systems With Checklist Powerpoint Complete Deck
Audit Of Business Systems With Checklist Powerpoint Complete DeckSlideTeam
 
Business Value of Agile Methods: Using ROI & Real Options
Business Value of Agile Methods: Using ROI & Real OptionsBusiness Value of Agile Methods: Using ROI & Real Options
Business Value of Agile Methods: Using ROI & Real OptionsDavid Rico
 
Pod handler
Pod handlerPod handler
Pod handlerAmerica's Promise Alliance
 
Building Wealth
Building WealthBuilding Wealth
Building WealthKeahiahi Long
 
Problem solving skills
Problem solving skillsProblem solving skills
Problem solving skillsBinay Roy
 
Current State Vs Future State Info Graphics
Current State Vs Future State Info GraphicsCurrent State Vs Future State Info Graphics
Current State Vs Future State Info GraphicsSlideTeam
 
Digital Change PowerPoint Presentation Slides
Digital Change PowerPoint Presentation Slides Digital Change PowerPoint Presentation Slides
Digital Change PowerPoint Presentation Slides SlideTeam
 
Vuca Victims And Vuca Masters
Vuca Victims And Vuca MastersVuca Victims And Vuca Masters
Vuca Victims And Vuca MastersShawn Grubb
 
Self Introduction Model PowerPoint Presentation Slides
Self Introduction Model PowerPoint Presentation SlidesSelf Introduction Model PowerPoint Presentation Slides
Self Introduction Model PowerPoint Presentation SlidesSlideTeam
 
Decision making & cynefin framework
Decision making & cynefin framework Decision making & cynefin framework
Decision making & cynefin frameworkIqtidar ul Hasan
 
Developing Project Management Leadership
Developing Project Management LeadershipDeveloping Project Management Leadership
Developing Project Management LeadershipGus Sabatino
 
Summary Of Accomplishments PowerPoint Presentation Slides
Summary Of Accomplishments PowerPoint Presentation SlidesSummary Of Accomplishments PowerPoint Presentation Slides
Summary Of Accomplishments PowerPoint Presentation SlidesSlideTeam
 
Transformation Plan Powerpoint Presentation Slides
Transformation Plan Powerpoint Presentation SlidesTransformation Plan Powerpoint Presentation Slides
Transformation Plan Powerpoint Presentation SlidesSlideTeam
 
Worst PPT Presentation Ever
Worst PPT Presentation EverWorst PPT Presentation Ever
Worst PPT Presentation EverJennifer McMahon
 
Frame Your Campaign To Win
Frame Your Campaign To WinFrame Your Campaign To Win
Frame Your Campaign To WinResource Media
 
YSJ CPD Framework, UKPSF and Mahara ePortfolios
YSJ CPD Framework, UKPSF and Mahara ePortfoliosYSJ CPD Framework, UKPSF and Mahara ePortfolios
YSJ CPD Framework, UKPSF and Mahara ePortfoliosPhil Vincent
 
Layers and meaning: reflections on digitality
Layers and meaning: reflections on digitalityLayers and meaning: reflections on digitality
Layers and meaning: reflections on digitalityJenny Weight
 

Más contenido relacionado

La actualidad más candente

Example Presentation About Myself Interview PPT PowerPoint Presentation Slides
Example Presentation About Myself Interview PPT PowerPoint Presentation SlidesExample Presentation About Myself Interview PPT PowerPoint Presentation Slides
Example Presentation About Myself Interview PPT PowerPoint Presentation SlidesSlideTeam
 
Top 100 Diagrams in Editable Powerpoint
Top 100 Diagrams in Editable PowerpointTop 100 Diagrams in Editable Powerpoint
Top 100 Diagrams in Editable PowerpointAurelien Domont, MBA
 
Design Tools for Systems Thinking
Design Tools for Systems ThinkingDesign Tools for Systems Thinking
Design Tools for Systems ThinkingPeter Vermaercke
 
Mental models (The Fifth Discipline)
Mental models (The Fifth Discipline)Mental models (The Fifth Discipline)
Mental models (The Fifth Discipline)Ruhi Beri
 
Introduction to Systems Thinking
Introduction to Systems ThinkingIntroduction to Systems Thinking
Introduction to Systems ThinkingAcquate
 
Audit Of Business Systems With Checklist Powerpoint Complete Deck
Audit Of Business Systems With Checklist Powerpoint Complete DeckAudit Of Business Systems With Checklist Powerpoint Complete Deck
Audit Of Business Systems With Checklist Powerpoint Complete DeckSlideTeam
 
Business Value of Agile Methods: Using ROI & Real Options
Business Value of Agile Methods: Using ROI & Real OptionsBusiness Value of Agile Methods: Using ROI & Real Options
Business Value of Agile Methods: Using ROI & Real OptionsDavid Rico
 
Problem solving skills
Problem solving skillsProblem solving skills
Problem solving skillsBinay Roy
 
Current State Vs Future State Info Graphics
Current State Vs Future State Info GraphicsCurrent State Vs Future State Info Graphics
Current State Vs Future State Info GraphicsSlideTeam
 
Digital Change PowerPoint Presentation Slides
Digital Change PowerPoint Presentation Slides Digital Change PowerPoint Presentation Slides
Digital Change PowerPoint Presentation Slides SlideTeam
 
Vuca Victims And Vuca Masters
Vuca Victims And Vuca MastersVuca Victims And Vuca Masters
Vuca Victims And Vuca MastersShawn Grubb
 
Self Introduction Model PowerPoint Presentation Slides
Self Introduction Model PowerPoint Presentation SlidesSelf Introduction Model PowerPoint Presentation Slides
Self Introduction Model PowerPoint Presentation SlidesSlideTeam
 
Decision making & cynefin framework
Decision making & cynefin framework Decision making & cynefin framework
Decision making & cynefin frameworkIqtidar ul Hasan
 
Developing Project Management Leadership
Developing Project Management LeadershipDeveloping Project Management Leadership
Developing Project Management LeadershipGus Sabatino
 
Summary Of Accomplishments PowerPoint Presentation Slides
Summary Of Accomplishments PowerPoint Presentation SlidesSummary Of Accomplishments PowerPoint Presentation Slides
Summary Of Accomplishments PowerPoint Presentation SlidesSlideTeam
 
Transformation Plan Powerpoint Presentation Slides
Transformation Plan Powerpoint Presentation SlidesTransformation Plan Powerpoint Presentation Slides
Transformation Plan Powerpoint Presentation SlidesSlideTeam
 
Worst PPT Presentation Ever
Worst PPT Presentation EverWorst PPT Presentation Ever
Worst PPT Presentation EverJennifer McMahon
 

La actualidad más candente (19)

Example Presentation About Myself Interview PPT PowerPoint Presentation Slides
Example Presentation About Myself Interview PPT PowerPoint Presentation SlidesExample Presentation About Myself Interview PPT PowerPoint Presentation Slides
Example Presentation About Myself Interview PPT PowerPoint Presentation Slides
 
Top 100 Diagrams in Editable Powerpoint
Top 100 Diagrams in Editable PowerpointTop 100 Diagrams in Editable Powerpoint
Top 100 Diagrams in Editable Powerpoint
 
Design Tools for Systems Thinking
Design Tools for Systems ThinkingDesign Tools for Systems Thinking
Design Tools for Systems Thinking
 
Mental models (The Fifth Discipline)
Mental models (The Fifth Discipline)Mental models (The Fifth Discipline)
Mental models (The Fifth Discipline)
 
Introduction to Systems Thinking
Introduction to Systems ThinkingIntroduction to Systems Thinking
Introduction to Systems Thinking
 
Audit Of Business Systems With Checklist Powerpoint Complete Deck
Audit Of Business Systems With Checklist Powerpoint Complete DeckAudit Of Business Systems With Checklist Powerpoint Complete Deck
Audit Of Business Systems With Checklist Powerpoint Complete Deck
 
Business Value of Agile Methods: Using ROI & Real Options
Business Value of Agile Methods: Using ROI & Real OptionsBusiness Value of Agile Methods: Using ROI & Real Options
Business Value of Agile Methods: Using ROI & Real Options
 
Pod handler
Pod handlerPod handler
Pod handler
 
Building Wealth
Building WealthBuilding Wealth
Building Wealth
 
Problem solving skills
Problem solving skillsProblem solving skills
Problem solving skills
 
Current State Vs Future State Info Graphics
Current State Vs Future State Info GraphicsCurrent State Vs Future State Info Graphics
Current State Vs Future State Info Graphics
 
Digital Change PowerPoint Presentation Slides
Digital Change PowerPoint Presentation Slides Digital Change PowerPoint Presentation Slides
Digital Change PowerPoint Presentation Slides
 
Vuca Victims And Vuca Masters
Vuca Victims And Vuca MastersVuca Victims And Vuca Masters
Vuca Victims And Vuca Masters
 
Self Introduction Model PowerPoint Presentation Slides
Self Introduction Model PowerPoint Presentation SlidesSelf Introduction Model PowerPoint Presentation Slides
Self Introduction Model PowerPoint Presentation Slides
 
Decision making & cynefin framework
Decision making & cynefin framework Decision making & cynefin framework
Decision making & cynefin framework
 
Developing Project Management Leadership
Developing Project Management LeadershipDeveloping Project Management Leadership
Developing Project Management Leadership
 
Summary Of Accomplishments PowerPoint Presentation Slides
Summary Of Accomplishments PowerPoint Presentation SlidesSummary Of Accomplishments PowerPoint Presentation Slides
Summary Of Accomplishments PowerPoint Presentation Slides
 
Transformation Plan Powerpoint Presentation Slides
Transformation Plan Powerpoint Presentation SlidesTransformation Plan Powerpoint Presentation Slides
Transformation Plan Powerpoint Presentation Slides
 
Worst PPT Presentation Ever
Worst PPT Presentation EverWorst PPT Presentation Ever
Worst PPT Presentation Ever
 

Destacado

Frame Your Campaign To Win
Frame Your Campaign To WinFrame Your Campaign To Win
Frame Your Campaign To WinResource Media
 
YSJ CPD Framework, UKPSF and Mahara ePortfolios
YSJ CPD Framework, UKPSF and Mahara ePortfoliosYSJ CPD Framework, UKPSF and Mahara ePortfolios
YSJ CPD Framework, UKPSF and Mahara ePortfoliosPhil Vincent
 
Layers and meaning: reflections on digitality
Layers and meaning: reflections on digitalityLayers and meaning: reflections on digitality
Layers and meaning: reflections on digitalityJenny Weight
 
Both necessity and arbitrariness of the sign: information
Both necessity and arbitrariness of the sign: informationBoth necessity and arbitrariness of the sign: information
Both necessity and arbitrariness of the sign: informationVasil Penchev
 
Ontological and historical responsibility. The condition of possibility
Ontological and historical responsibility. The condition of possibilityOntological and historical responsibility. The condition of possibility
Ontological and historical responsibility. The condition of possibilityVasil Penchev
 
Creativity reframed in a loaf of bread!!!
Creativity reframed in a loaf of bread!!!Creativity reframed in a loaf of bread!!!
Creativity reframed in a loaf of bread!!!Hema Singh
 
Phil Vincent TELIC Introduction
Phil Vincent TELIC IntroductionPhil Vincent TELIC Introduction
Phil Vincent TELIC IntroductionPhil Vincent
 
E opowerpointblackhatfinal
E opowerpointblackhatfinalE opowerpointblackhatfinal
E opowerpointblackhatfinalMatt Kendall
 
Legal Aspects of Social Media
Legal Aspects of Social MediaLegal Aspects of Social Media
Legal Aspects of Social MediaPhil Vincent
 
"Possible Worlds and Substances“ by Vladislav Terekhovich
"Possible Worlds and Substances“ by Vladislav Terekhovich"Possible Worlds and Substances“ by Vladislav Terekhovich
"Possible Worlds and Substances“ by Vladislav TerekhovichVasil Penchev
 
Four Frames of Leadership - Cohort 14
Four Frames of Leadership - Cohort 14Four Frames of Leadership - Cohort 14
Four Frames of Leadership - Cohort 14Nicole Williams
 
A Formal Model of Metaphor in Frame Semantics
A Formal Model of Metaphor in Frame SemanticsA Formal Model of Metaphor in Frame Semantics
A Formal Model of Metaphor in Frame SemanticsVasil Penchev
 
Dynamic presentations lisa akesson 2017
Dynamic presentations lisa akesson 2017Dynamic presentations lisa akesson 2017
Dynamic presentations lisa akesson 2017Matt Kendall
 
Twitter for Training
Twitter for TrainingTwitter for Training
Twitter for TrainingPhil Vincent
 
19th Annual SEDA Conference - Open Badges Workshop
19th Annual SEDA Conference - Open Badges Workshop19th Annual SEDA Conference - Open Badges Workshop
19th Annual SEDA Conference - Open Badges WorkshopPhil Vincent
 
Preliminary Revision
Preliminary RevisionPreliminary Revision
Preliminary Revisionsmoky_stu
 

Destacado (20)

Frame Your Campaign To Win
Frame Your Campaign To WinFrame Your Campaign To Win
Frame Your Campaign To Win
 
YSJ CPD Framework, UKPSF and Mahara ePortfolios
YSJ CPD Framework, UKPSF and Mahara ePortfoliosYSJ CPD Framework, UKPSF and Mahara ePortfolios
YSJ CPD Framework, UKPSF and Mahara ePortfolios
 
Layers and meaning: reflections on digitality
Layers and meaning: reflections on digitalityLayers and meaning: reflections on digitality
Layers and meaning: reflections on digitality
 
Both necessity and arbitrariness of the sign: information
Both necessity and arbitrariness of the sign: informationBoth necessity and arbitrariness of the sign: information
Both necessity and arbitrariness of the sign: information
 
Ontological and historical responsibility. The condition of possibility
Ontological and historical responsibility. The condition of possibilityOntological and historical responsibility. The condition of possibility
Ontological and historical responsibility. The condition of possibility
 
Creativity reframed in a loaf of bread!!!
Creativity reframed in a loaf of bread!!!Creativity reframed in a loaf of bread!!!
Creativity reframed in a loaf of bread!!!
 
Phil Vincent TELIC Introduction
Phil Vincent TELIC IntroductionPhil Vincent TELIC Introduction
Phil Vincent TELIC Introduction
 
E opowerpointblackhatfinal
E opowerpointblackhatfinalE opowerpointblackhatfinal
E opowerpointblackhatfinal
 
Interesting talks
Interesting talksInteresting talks
Interesting talks
 
Legal Aspects of Social Media
Legal Aspects of Social MediaLegal Aspects of Social Media
Legal Aspects of Social Media
 
"Possible Worlds and Substances“ by Vladislav Terekhovich
"Possible Worlds and Substances“ by Vladislav Terekhovich"Possible Worlds and Substances“ by Vladislav Terekhovich
"Possible Worlds and Substances“ by Vladislav Terekhovich
 
Four Frames of Leadership - Cohort 14
Four Frames of Leadership - Cohort 14Four Frames of Leadership - Cohort 14
Four Frames of Leadership - Cohort 14
 
A Formal Model of Metaphor in Frame Semantics
A Formal Model of Metaphor in Frame SemanticsA Formal Model of Metaphor in Frame Semantics
A Formal Model of Metaphor in Frame Semantics
 
Dynamic presentations lisa akesson 2017
Dynamic presentations lisa akesson 2017Dynamic presentations lisa akesson 2017
Dynamic presentations lisa akesson 2017
 
Twitter for Training
Twitter for TrainingTwitter for Training
Twitter for Training
 
Melbourne noir
Melbourne noirMelbourne noir
Melbourne noir
 
Open Badges
Open BadgesOpen Badges
Open Badges
 
19th Annual SEDA Conference - Open Badges Workshop
19th Annual SEDA Conference - Open Badges Workshop19th Annual SEDA Conference - Open Badges Workshop
19th Annual SEDA Conference - Open Badges Workshop
 
Preliminary Revision
Preliminary RevisionPreliminary Revision
Preliminary Revision
 
SLR Cameras
SLR CamerasSLR Cameras
SLR Cameras
 

Similar a Social Engineering: Frames and Frame Control

Trust from a Human Computer Interaction perspective
Trust from a Human Computer Interaction perspective Trust from a Human Computer Interaction perspective
Trust from a Human Computer Interaction perspective Sónia
 
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...Kimberley Dray
 
Feldman1psychlife ppt ch12
Feldman1psychlife ppt ch12Feldman1psychlife ppt ch12
Feldman1psychlife ppt ch12coutsron
 
CSA Fall Summit 2017
CSA Fall Summit 2017CSA Fall Summit 2017
CSA Fall Summit 2017Chad Hoffmann
 
Enterprise social networking v1.2
Enterprise social networking v1.2Enterprise social networking v1.2
Enterprise social networking v1.2James Sutter
 
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...Social life in digital societies: Trust, Reputation and Privacy EINS summer s...
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...i_scienceEU
 
Ppt perception and individual Decision Making
Ppt perception and individual Decision MakingPpt perception and individual Decision Making
Ppt perception and individual Decision MakingDeni Triyanto
 
The Best from the UX Summit in Chicago
The Best from the UX Summit in ChicagoThe Best from the UX Summit in Chicago
The Best from the UX Summit in ChicagoLina Angel
 
Sorry, Your Mum Is Not a Valid Test Participant
Sorry, Your Mum Is Not a Valid Test ParticipantSorry, Your Mum Is Not a Valid Test Participant
Sorry, Your Mum Is Not a Valid Test ParticipantMichael Rawling
 
SRVision 2019, Utrecht: Swarming and Cynefin
SRVision 2019, Utrecht: Swarming and CynefinSRVision 2019, Utrecht: Swarming and Cynefin
SRVision 2019, Utrecht: Swarming and CynefinJon Stevens-Hall
 
Simone Borsci - Deceptive design, user experience and trust
Simone Borsci - Deceptive design, user experience and trustSimone Borsci - Deceptive design, user experience and trust
Simone Borsci - Deceptive design, user experience and trustnois3
 
Enterprise Data World Webinar: A Strategic Approach to Data Quality
Enterprise Data World Webinar: A Strategic Approach to Data Quality Enterprise Data World Webinar: A Strategic Approach to Data Quality
Enterprise Data World Webinar: A Strategic Approach to Data Quality DATAVERSITY
 
Oscon2015 150724001540-lva1-app6891
Oscon2015 150724001540-lva1-app6891Oscon2015 150724001540-lva1-app6891
Oscon2015 150724001540-lva1-app6891Gerald Mayfield
 
Building a Successful Organization By Mastering Failure
Building a Successful Organization By Mastering FailureBuilding a Successful Organization By Mastering Failure
Building a Successful Organization By Mastering Failurejgoulah
 
Velocity19 Berlin: Swarming, Cynefin… and avoiding the problems of becoming a...
Velocity19 Berlin: Swarming, Cynefin… and avoiding the problems of becoming a...Velocity19 Berlin: Swarming, Cynefin… and avoiding the problems of becoming a...
Velocity19 Berlin: Swarming, Cynefin… and avoiding the problems of becoming a...Jon Stevens-Hall
 
A design space for Trust-enabling Interaction Design
A design space for Trust-enabling Interaction DesignA design space for Trust-enabling Interaction Design
A design space for Trust-enabling Interaction DesignSónia
 
Communication and Its Barrier (Google)
Communication and Its Barrier (Google)Communication and Its Barrier (Google)
Communication and Its Barrier (Google)Pulkit Bordia
 
Session 4 - Lectures in Leadership (Relating).pptx
Session 4 - Lectures in Leadership (Relating).pptxSession 4 - Lectures in Leadership (Relating).pptx
Session 4 - Lectures in Leadership (Relating).pptxssuserde1c26
 

Similar a Social Engineering: Frames and Frame Control (20)

Trust from a Human Computer Interaction perspective
Trust from a Human Computer Interaction perspective Trust from a Human Computer Interaction perspective
Trust from a Human Computer Interaction perspective
 
Lessons from lockdown webinar, 8 September 2020
Lessons from lockdown webinar, 8 September 2020Lessons from lockdown webinar, 8 September 2020
Lessons from lockdown webinar, 8 September 2020
 
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
 
Feldman1psychlife ppt ch12
Feldman1psychlife ppt ch12Feldman1psychlife ppt ch12
Feldman1psychlife ppt ch12
 
CSA Fall Summit 2017
CSA Fall Summit 2017CSA Fall Summit 2017
CSA Fall Summit 2017
 
Enterprise social networking v1.2
Enterprise social networking v1.2Enterprise social networking v1.2
Enterprise social networking v1.2
 
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...Social life in digital societies: Trust, Reputation and Privacy EINS summer s...
Social life in digital societies: Trust, Reputation and Privacy EINS summer s...
 
Ppt perception and individual Decision Making
Ppt perception and individual Decision MakingPpt perception and individual Decision Making
Ppt perception and individual Decision Making
 
The Best from the UX Summit in Chicago
The Best from the UX Summit in ChicagoThe Best from the UX Summit in Chicago
The Best from the UX Summit in Chicago
 
Sorry, Your Mum Is Not a Valid Test Participant
Sorry, Your Mum Is Not a Valid Test ParticipantSorry, Your Mum Is Not a Valid Test Participant
Sorry, Your Mum Is Not a Valid Test Participant
 
Social engineering and indian jugaad
Social engineering and indian jugaadSocial engineering and indian jugaad
Social engineering and indian jugaad
 
SRVision 2019, Utrecht: Swarming and Cynefin
SRVision 2019, Utrecht: Swarming and CynefinSRVision 2019, Utrecht: Swarming and Cynefin
SRVision 2019, Utrecht: Swarming and Cynefin
 
Simone Borsci - Deceptive design, user experience and trust
Simone Borsci - Deceptive design, user experience and trustSimone Borsci - Deceptive design, user experience and trust
Simone Borsci - Deceptive design, user experience and trust
 
Enterprise Data World Webinar: A Strategic Approach to Data Quality
Enterprise Data World Webinar: A Strategic Approach to Data Quality Enterprise Data World Webinar: A Strategic Approach to Data Quality
Enterprise Data World Webinar: A Strategic Approach to Data Quality
 
Oscon2015 150724001540-lva1-app6891
Oscon2015 150724001540-lva1-app6891Oscon2015 150724001540-lva1-app6891
Oscon2015 150724001540-lva1-app6891
 
Building a Successful Organization By Mastering Failure
Building a Successful Organization By Mastering FailureBuilding a Successful Organization By Mastering Failure
Building a Successful Organization By Mastering Failure
 
Velocity19 Berlin: Swarming, Cynefin… and avoiding the problems of becoming a...
Velocity19 Berlin: Swarming, Cynefin… and avoiding the problems of becoming a...Velocity19 Berlin: Swarming, Cynefin… and avoiding the problems of becoming a...
Velocity19 Berlin: Swarming, Cynefin… and avoiding the problems of becoming a...
 
A design space for Trust-enabling Interaction Design
A design space for Trust-enabling Interaction DesignA design space for Trust-enabling Interaction Design
A design space for Trust-enabling Interaction Design
 
Communication and Its Barrier (Google)
Communication and Its Barrier (Google)Communication and Its Barrier (Google)
Communication and Its Barrier (Google)
 
Session 4 - Lectures in Leadership (Relating).pptx
Session 4 - Lectures in Leadership (Relating).pptxSession 4 - Lectures in Leadership (Relating).pptx
Session 4 - Lectures in Leadership (Relating).pptx
 

Último

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Último (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Social Engineering: Frames and Frame Control

  • 1. Social Engineering: Frames, Framing, and Frame Control Mike Murr mike@socialexploits.com http://www.socialexploits.com http://www.twitter.com/SocialExploits
  • 2. What This Talk is About • Framing – Constructs used to give meaning to information – Defining the current situation (“here and now”) – Cognitive context • Fundamental to social engineering – Control the frame, control the meaning of an interaction – Messages are dependent on meaning • And consequently emotions • A hacker stole your PII, We lost your PII, Your PII was lost Social Engineering: Framing and Frame Control – © Social Exploits 2010 2
  • 3. Social Engineering • Social engineering is persuasion – Goal is to affect behavior – Increase likelihood of compliance – More than pretending to be help desk – Not reconnaissance • This is not mind control – Nothing is 100% effective, always have free will – People can accept or reject frames – Still highly effective though • Ethics (is a relative term) – These are tools – How you use the tools is your decision – Reflection of character – Personal responsibility Social Engineering: Framing and Frame Control – © Social Exploits 2010 3
  • 4. Frames • Frames are constructs used to give meaning – Personal interpretation – Highlight certain aspects, ignore others – Each person has their own • Frame constructs (not exhaustive) – Beliefs • “Design” of the frame • Cultural, Biological, Life Experience – Mental models of reality • Help organize thoughts, set expectations • Defines boundaries (what is emphasized and ignored) • Form the “shape” of the frame • A representation / implementation of beliefs Social Engineering: Framing and Frame Control – © Social Exploits 2010 4
  • 5. Framing • Framing (to frame, set a frame, etc.) – Asserting a frame – Persuade others to accept our frame over theirs • Metaframe – Focused more on underlying aspects of situation (or beliefs) – Also known as master frames • Reframe – Assert a new frame over an existing frame • People often play frame games – Get others to accept / understand a frame – Can relate to power or influence (controlling meaning) – Natural part of interpersonal communication Social Engineering: Framing and Frame Control – © Social Exploits 2010 5
  • 6. Communicating a Frame • 3 major components – Linguistic, paralinguistic, nonverbals • Nonverbals (and paralinguistic) are key – Play a majority role of a message’s influence • Often trusted more than verbal • More difficult to fake – Various tactics to hold attention • What we focus on sets the frame • Strong facial expressions • Varied tone / tempo • Hand gestures / movement (esp. large ones) Social Engineering: Framing and Frame Control – © Social Exploits 2010 6
  • 7. Sources for Frames • Useful for identifying elements of influential frames • Cultural – Collectivist vs. individualist – Familiar ideas and concepts • Biological – Primal and evolutionary motivations – Strong emphasis around survival and replication • Mental models – Pay attention to what people say (and how they say it) – Note attributes / properties / characteristics Social Engineering: Framing and Frame Control – © Social Exploits 2010 7
  • 8. Linguistic Tools (1) Social Engineering: Framing and Frame Control – © Social Exploits 2010 8 Relating Frames Metaphors • Frames resemble each other (not literally) • A firewall is a security guard at the front door Analogies • Useful for emphasizing similarities • Frames elements are similar • Can be used to suggest agreements in areas not explicitly stated • An IDS is like a “computer burglar alarm” Contrast • Useful for emphasizing differences • Frames do not agree • Can be used as motivation / rationale for new behavior • Unlike an IDS which can only detect, an IPS can block traffic
  • 9. Linguistic Tools (2) Social Engineering: Framing and Frame Control – © Social Exploits 2010 9 Framing Content Feeling • Describes frames in terms of emotions • I hate a poorly tuned IDS Stories • Uses a narrative to set the frame • Often has a theme or metaphor basis • Tell a story about how an IDS prevent an incident and saved $$$ Spin • Describes a frame in terms of positive or negative • Similar to emotional valence • An IPS is a great way to detect and respond to incidents Jargon • Describes a frame using familiar terminology • Using terms such as Asset Value, ALE, SLE, ROI, etc.
  • 10. Linguistic Tools (3) Social Engineering: Framing and Frame Control – © Social Exploits 2010 10 Framing Structure Argument • Frame in terms of rationale • Supported by evidence • Our anti-virus costs the least, offers the most features Categorizing • Describe frame in terms of included or excluded categories • This isn’t your parent’s anti-virus, it’s enterprise grade Repetition • Emphasize aspects of frame by repeating specific elements • Protect, Protect, Protect, that’s what our anti-virus does for your data Lists • Organize content into easy to remember chunks • Often three elements • We can sum up our anti-virus in three words: Safe, Fast, Reliable
  • 11. Useful Frames: Interpersonal Social Engineering: Framing and Frame Control – © Social Exploits 2010 11 Being helpful • You are helping them • Offer help • They are helpful people • Ask them to help you out Avoiding blame • Provides emotional justification for behavior • Can make accepting related frames easier Team members • Working towards a common goal • Can solidify using “us vs. them”
  • 12. Useful Frames: “Cialdini 6” Social Engineering: Framing and Frame Control – © Social Exploits 2010 12 •Tend to be influenced by authority positions •Vendor XYZ is the international leader in host-based IDS Authority •We tend to be influenced by those we like •Sales person identifies similar hobbies / interests Liking •Looking to others to determine correct behavior •Government agencies worldwide use our software Social Proof •Value is tied to (lack of) availability •Only available to select enterprise customers Scarcity •Obligation to return what others provide (favors) •Vendor buys lunch Reciprocity •Pressure to remain consistent with prior commitments •You’ve already stated information protection is a top concern Commitment and Consistency
  • 13. Useful Frames: General Social Engineering: Framing and Frame Control – © Social Exploits 2010 13 Simplifying • Reduce complexity • Easier to understand Loss Aversion • Loss is a stronger motivator than potential to gain • Depends on relative value Credibility • Increases believability • Emphasis on truth and what is real Certainty • People crave certainty • Provides stability, clarity • Increases trust • Facilitates rapport • Reduces unknown
  • 14. Frame Warfare (1) Social Engineering: Framing and Frame Control – © Social Exploits 2010 14 • Understand a person’s interpretation • Doesn’t guarantee acceptance of a frame Acknowledging a frame • Hold an interpretation as true • Leads to persuasion • Implies understanding a frame Accepting a frame • Refuse to accept an interpretation as true • May or may not understand a frame Rejecting (denying) a frame
  • 15. Frame Warfare (2) Social Engineering: Framing and Frame Control – © Social Exploits 2010 15 • Merge interpretations together • Accepting one can lead to accepting the other • This is an art Combining frames • Link interpretations together • Frames agree and are related • Traditionally associated w/politics • Useful for transitioning frames • Useful for behavior motivation Aligning frames
  • 16. Frame Alignment Patterns Social Engineering: Framing and Frame Control – © Social Exploits 2010 16 Bridging •Frames are similar in basis, different in specifics •Data theft is on the rise, maintain personal freedom, buy our id. product Amplification •Increase focus or emphasis on what is important •Simultaneously decreases emphasis on other points •Provide a safe learning environment for your family, buy our firewall Extension •Increase the “boundaries” of the frame •This anti-virus can help protect your id. by stopping malware Transformation •Use existing elements with a new frame •Change frame by replacing meaning of elements •This “little malware incident” demonstrates people are the cause of problems •They can’t be trusted •Our IPS fixes human problems
  • 17. Reframing Patterns (1) Change intent behind behavior • Remove a firewall rule to facilitate a business process Redefine by using similar words • Different meaning / implication • Data theft vs. data loss Change specificity (chunk size) • Increase • Our detection mechanisms alerted us in real time • Decrease • On the whole, this is part of the cost of running a business Social Engineering: Framing and Frame Control – © Social Exploits 2010 17
  • 18. Reframing Patterns (2) Change context • Changing scope / size • Only lost information on 1% of our customers • Changing environment • Data was copied from one machine to another • Change role / perspective • We are helping protect our customers by working with law enforcement to help locate, arrest, and convict the suspect Alternating Frames • Switch between frames • Meet unrelated / opposite goals • Blame someone else, and accept responsibility Social Engineering: Framing and Frame Control – © Social Exploits 2010 18
  • 19. Building Your Framing Skills Understanding •Reading •Thinking •General learning Observation •Observe and analyze your and others’ frames Priming • Mental preparation • Conscious thought influences unconscious response Infield Work • Assert frames • Assess reactions and changes Reflection • Keep a journal • Look for patterns Social Engineering: Framing and Frame Control – © Social Exploits 2010 19
  • 20. Parting Thoughts • Useful beyond just social engineering – Interpersonal communication – Vital component of leadership • “Through framing, we create the realities to which we must then respond” – Fairhurst 2010 Social Engineering: Framing and Frame Control – © Social Exploits 2010 20
  • 21. Books (1) • The Power of Framing (Fairhurst) • Introducing NLP (O’Connor) • Sleight of Mouth (Dilts) • Mind-Lines (Hall) • Influence: Science and Practice (Cialdini) Social Engineering: Framing and Frame Control – © Social Exploits 2010 21
  • 22. Books (2) Social Engineering: Framing and Frame Control – © Social Exploits 2010 22
  • 23. Questions? • Feel free to email me at mike@socialexploits.com • Blog: www.socialexploits.com • Twitter: twitter.com/SocialExploits • Upcoming conferences – Next conference: SANS London 2010 Social Engineering: Framing and Frame Control – © Social Exploits 2010 23