Over the span of 23 years and 44 seasons, the reality television show Survivor is perhaps one of the greatest and most iconic social experiments of all time. At least to me it is. In case you’re not familiar with Survivor, I’ll provide a brief summary. In the show, 16-20 random strangers are stranded on a deserted island and forced to work together to survive. While braving the elements they compete in various physical or mental challenges. At the same time, they are voting people off the island one by one. At the end of each season, only one player can earn the million-dollar prize and the title of sole survivor.
Different Facets to the Game
There are different facets to the game. If you were to ask a Survivor fan what they think the most important facet is to get far, you’ll likely get very mixed answers. Some say that the physical portion of the game is the most important, such as with winning challenges. Others think that the strategic game is the most important. For instance, crunching numbers and knowing who to vote off and when. Though these two facets are important in getting further than most, the third facet is perhaps the most important…and that is the social game. At its core, Survivor is a social experiment. In fact, taking this one step further…you could say that Survivor is in essence, a social engineering experiment.
As a professional social engineer, I’ve come to appreciate the power of the social game even more and have analyzed how good players use it to their advantage. Some of the rapport building techniques and influence tactics I use on a daily basis often parallel the ones used in a game, such as Survivor. In this article, I’ll break down a couple of those methods and the similarities in connection to my work in vishing (voice phishing).
Rapport Building Techniques
In a game like Survivor, contestants need to build rapport and trust with their tribemates. This is fundamental to getting further in the game. There are many methods a player can choose to build a connection with a teammate. Similarly, when vishing for clients, building trust with a target is very important. It will often increase your chances of getting the information you want while on the job. Here are some of the techniques I use in my job that are also valuable on Survivor:
Validate others
This technique is very useful in building rapport. People typically respond well to others who demonstrate they value and respect them. This can be done by showing your attention is undivided, listening sincerely when they speak, and validating what they have said. Even complimenting the other person is very effective.
One of the best “validating qualities” to have in Survivor is being a good listener. This helps in building relationships and bonds with fellow tribemates. In fact, being a good listener is very important throughout the time on the island. These bonds build trust, which is like currency in the game. If your tribemates trust you, they will likely be more open to working with you and not vote you out. At least for the time being.
Validating while vishing
Similarly, validating others can be a huge advantage when vishing for a client. When conversing with a target, listening to every detail they mention is very important. Perhaps they mentioned they are behind on their work or annoyed at the new boss. Taking the time to validate their feelings shows them we are listening. It builds trust with the target and makes us more likeable. If the target feels they can trust us, they may be more likely to divulge sensitive information that they normally would never give out. With sensitive data, like their usernames or passwords, we can now gain access to internal systems. This scenario shows how a malicious attacker could compromise a target and breach security defenses.
Ego Suspension
A common human trait is that people like to be right, or at least feel like they are. Many also like to feel like they have a measure of control in a given situation. The technique of ego suspension does essentially what it is called. It involves suspending your ego. As a result, the person you are speaking to does not view you as a threat to their own ego. This may help someone to feel more open to your requests when you speak to them.
In Survivor, there are often many big personalities jumbled together as it makes for great television. Navigating around and working with these can be a challenge for many contestants. This is especially the case as emotions run high from lack of sleep, food, etc. Sometimes biting your tongue or letting someone else take the driver seat is more important in a game like Survivor. This avoids ruffling the feathers of fellow tribemates, when even a small inconvenience could be the difference between someone working with you or plotting against you.
Ego suspension and vishing
When it comes to vishing, ego suspension is a very powerful tool when speaking with a target. We never know what the person may be like on the other end. Sometimes we come across employees that may challenge what we say or a supervisor/manager that just wants to feel respected. I’ve had to use ego suspension many times in cases like this. Sometimes just saying, “I don’t know, I’m just doing what my manager said,” is better than trying to find the “perfect response” or correcting them. Presenting yourself as a compliant employee and giving the target the respect, they desire is better than challenging their authority.
Influence Techniques
In Survivor, it is important to cash in on the trust you’ve built with your tribemates. Use it to your advantage without being blatantly obvious, of course. As social engineers, we try to follow up on the trust we’ve built with our target in a similar way. We emulate the methods a malicious attacker may use to influence their target in the real world…but in an ethical manner. Using certain influence techniques makes this process a lot easier.
Obligation
Obligation has to do with actions one feels they need to take due to some sort of social, legal, or moral requirement, duty, contract, or promise. A sense of obligation can be created with something as little as a compliment to a legitimate act of service on another person’s behalf. Once this is created, the other person may feel compelled to take some sort of action to reciprocate.
In Survivor, obligation can be used in multiple ways, but it’s important for it to be executed carefully. Often a contestant will find themselves voting alongside a tribemate they’ve built trust with. By voting the direction their tribemate wanted, a contestant could create a sense of obligation. Then, that tribemate may feel compelled to vote in their direction the next time.
Contestants have also tried to use obligation by choosing carefully who to take on a reward with them, such as a spa day or banquet. They do this hoping to get in their tribemate’s good graces, and to be paid back by not voting them out. Obligation must be used carefully though, as it can easily backfire. A contestant should be careful to not sell too hard the sense of obligation, as if forcing it. It is most effective if they can influence their tribemate in a way that they come to that conclusion on their own.
The role of obligation in vishing
Similarly, using obligation on a vishing call should be done with skill. Even something as small as a compliment or treating your target kindly can be enough to create a sense of obligation. However, if done incorrectly, it can come across as insincere or fake. A common way to use obligation on a vishing call is by way of “reverse social engineering”. It may first involve convincing the target of a “problem” they have that they’re unaware of. Perhaps an unknown error with their computer. Then the caller presents themselves as the “savior” to the target’s problem. They may pose as an authority figure from IT who can remedy the situation. By presenting themselves as the solution the target didn’t know they needed, a sense of obligation is created. Then, the target may be more willing to comply with the caller to show their gratitude.
Social Proof
This influence tactic plays on the psychological phenomenon that occurs when people are in unfamiliar situation and mirror the behavior of others or the masses. A person may assume that a “popular decision” amongst a larger majority must be the correct decision. Think of it like the bandwagon effect.
In a game like Survivor, no one wants to be left out of the majority. If you are, it could mean you’re on the chopping block and might be going home. Therefore, social proof is a powerful tool that can be used to convince the other contestants that you have the numbers and get them to vote in your direction, even if that is not necessarily true. Social proof can also come in handy by making a tribemate feel they are with the majority, while secretly plotting to vote them out. Both uses of this influence tactic are found many times in the show.
Vishing and social proof
In a vishing call, a social engineer can use social proof to feed their target information that they want them to believe is socially acceptable. For example, if we pose as an HR rep, we could convince the target that the rest of their department has “already taken a survey,” and they are simply next on our list. Often, this is enough to pacify any concern the target may have, as the idea of making the “popular decision” leaves them feeling comfortable with the call.
Leave them feeling better
At Social-Engineer LLC, a motto we constantly keep at the forefront is “Leave them feeling better for having met you.” As professional social engineers, it is important to stay true to a code of ethics when we make vishing calls. This involves not using fear tactics or threats. In fact, we do everything in our power to make sure our target feels good when they end the call. This promotes a better atmosphere for education and training rather than a slap on the wrist. Our hope is that, even if our target later finds out they didn’t pass the test, we at least left them feeling better for having met us.
Our motto and Survivor
Believe it or not, this motto is also very important for a good Survivor player. It may be a game of backstabbing or deceit on the surface, but it’s also a game about building relationships. The beauty of the game is that once there are only 2-3 contestants left standing, the winner of a season is determined by the 7-8 contestants most recently voted out! They make up what is known as “The Jury,” and thus another big part of Survivor is known as “Jury Management.” This involves keeping track of who was sent to The Jury (voted out) and how they were treated.
Inevitably, a contestant will likely have betrayed more than a handful on The Jury, either advertently or inadvertently. This is why “leaving them feeling better for having met you” is such an important idea for any Survivor player to keep in mind. How did they treat the people they voted out? Did they deliberately make promises they knew they couldn’t keep? In my opinion, this is why the social game mentioned earlier is the most important. A physical player can win their way to the end. A strategic player can calculate or backstab their way to the end. But none of that matters if The Jury simply doesn’t like them as much as the other contestants they’re sitting next to. By building relationships and leaving the people they vote out “feeling better,” contestants can increase their chances of winning if they make it to the finals.
Conclusion
Reality television and the job of a professional social engineer may seem like two totally different worlds. That being said, seeing the overlap between them in entertainment (from television to movies) is an amusing way to become more familiar with the tactics of social engineering. It also puts into perspective how these tactics may be used in the real world. As we become aware of them, we may even start to pick up on people who try to use these tactics on us!
When it comes to the techniques we discussed in reference to Survivor, they are not a guarantee of a contestant getting further in the game, just as they don’t guarantee a vishing call to go the way we want as professionals. The social experiment is full of all sorts of unpredictability, and sometimes it just comes down to the luck of the draw. However, using the tactics we talked about can most certainly increase a contestant’s chances. This has been the case for many players that have won the game. It can help them find their footing and bring them one step closer to outwitting, outplaying, and outlasting, all the rest.
In the real world, malicious actors use many of the techniques discussed in this article to deceive their target. Just one unsuspecting victim of social engineering could compromise sensitive data and easily bring down an entire company. This is why, at Social-Engineer LLC, we simulate attacks that real, malicious actors make to give our clients an accurate representation of what to protect themselves against. Through proper training and education, they can help their employees to safeguard themselves against being influenced by a malicious party. You can learn about how real-life attackers use these methods and what we can do to protect ourselves using the Social Engineering Framework.
Written by: Josten Peña
Images:
https://www.etonline.com/sites/default/files/styles/max_1280x720/public/images/2020-03/115093_32791b.jpg?h=cad4df64&itok=JhOHZxUg
https://wwwimage-tve.cbsstatic.com/base/files/106307_d09378b.jpg
https://www.tvinsider.com/wp-content/uploads/2022/12/survivor-43-jury-1003×570.jpg