Skip to main content
Principles of Influence

Scarcity and The Social Engineer

By January 27, 2014No Comments

Scarcity

To understand how scarcity works for the social engineer, let’s first look at the concept in social psychology.  It is described as people’s tendency to place a higher value on resources that are not in great supply. Marketing often tries to exploit this phenomenon by promoting the idea of scarcity in their sales and specials and a good example of this ploy’s success is the frenzy that is Black Friday. 141 million people shopped on Black Friday in 2013­-the U.S. population is roughly 315 million.

We have seen the carnage unfold on the news as shoppers compete for limited goods in a limited amount of time. In this instance, both time and items are made scarce, compelling many bargain seekers to get up before dawn and stampede through each other with sometimes freakish aggression. Whatever one might want to achieve by utilizing scarcity, it’s clear that people can be steered by their belief in and fear of shortage.

Is It Just For Shopping?

Since scarcity can be applied to anything that people value, it is an effective influencing tool. Even if there is not actually any shortage or limit to a certain resource, if you can make someone believe that there is, you can create a situation favorable to your aims. The anxiety and hope created by the impending acquisition can cloud the reason and behavior of individuals that want what you have.

Social proof can play a role in the effect scarcity has on people as well. When many people begin to want something, this desire can often gain momentum, which speeds up an actual shortage or fuels fears of a perceived shortage. In the video below the announcer uses language designed to play on collector’s fears about missing out…”avoid disappointment and future regret.” He’s just looking out for you, you know?

Finally, it’s important to stress that scarcity does not always have to apply to “real” items. Time and attention are also things that easily become commodities depending on their value to the target.  Don’t miss out on the chance to use this valuable tool!  Social engineers know this and have figured out that by using scarcity, they can get people to “take an action that is NOT in their best interest.”

As professional social engineers, we employ creative uses of scarcity and what we have found is that it can be a powerful form of influence in a social engineering engagement.

Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now