What do these shoes have to do with Cybersecurity?

  • Writer: Anna Collard
  • Nov 2, 2021

Updated: May 9, 2022


Nothing really.

However, they do link to a story about human emotions and particularly how flattery is really effective as a psychological lever used by con artists to get their marks participating in their scams.


Let me tell you what happened…


I bought these shoes just a few weeks ago and really like them a lot. (For anyone who cares: yes I admit they are not the real Golden Goose, but a much cheaper South African rip-off version. Don’t judge me please.)


A week ago, after a lovely lunch with one of our clients - my first face-to-face meeting with customers in 18 months - I walked past a supermarket feeling pretty happy with myself and the world. I was not rushed, stressed, or anxious, just generally in a pretty good space.


So when this young guy called out to me “Hey nice shoes” I instantly felt flattered because, as mentioned above, I really love these shoes. Receiving his compliment made me stop and say thanks. The young man had light brown hair, was very skinny, and was well dressed. At first glance, he looked like a European tourist, so when he asked where I got them from I happily supplied the details of the local store. He nodded and complimented me some more and then came a bit closer and in a serious voice asked:

“Tell me, are you judgmental?”

Here he directly linked into my ego again, because obviously, I don’t want to be seen as “judgmental”. By protesting that no, I don’t consider myself so, I believe he also framed my mind to switch off my “judgmental” or critical thinking. But that’s just a theory.


He then proceeded to tell me a sad story about how he just recently came out and that his highly conservative parents threw him out of the house. That he’s been living on the streets and hasn’t eaten anything proper in days and that he would give anything for a bottle of Coca-Cola. Feeling bad for him, but not willing to give him any money, I offered to buy him some food in the supermarket. He was really polite and seemed genuinely grateful so I agreed to pay for some of the essentials he needed. In we went together.


At some point, I felt a bit uncomfortable as he came a bit too close to me and invaded my personal space, but I’m generally quite sensitive to this, so discounted this feeling as my own issue. He started loading his basket with more and more stuff. After about 10 minutes, I realized he was taking advantage, but at that point, I was so deep into it that I couldn’t admit this to myself. I also didn’t want to cause a scene, so just asked him to hurry up so I could get back to work. Begrudgingly, I paid way more than I would have ever given him in cash. As I walked out the door I realized he took me for a ride and probably also tried to steal my phone when he came so uncomfortably close to me and my handbag.


On my walk back to the office, I reflected on this bizarre experience and realized that I just fell for a typical street con. And this despite me preaching security awareness for a living. I felt like a double face-palm was in order.

So what did I do wrong here?

  1. Firstly, he got me through plain old flattery. Flattering our ego is a good way to build rapport. Rapport building is one of the techniques social engineers use to get us to lower our inhibitions and make us trust them. Note to self: receiving compliments about shoes is obviously a weakness I have and which I should watch out for more.

  2. Interestingly enough, another way of creating rapport and trust is by sharing (or pretending to share) something personal or private. When someone confesses something to you, it releases oxytocin (the cuddle, feel-good hormone) and makes us more likely to share something in return. This is a very common and effective technique used by social engineers.

  3. He caught me in a moment of relaxation. This I found quite interesting, as we often warn that people are most likely to be tricked when stressed or anxious. When it comes to “empathy”, feeling rushed highly influences how we react. According to the famous seminary experiment about the Good Samaritans: “The amount of "hurriedness" induced in the subject has a major effect on helping behaviour”. In simple terms, if I was more in a rush or more stressed to make it back to the office on time, I probably would have just waved him off.

  4. I felt something wasn’t right but I was so deep in it that I was too ashamed or embarrassed to stop it. Apparently, this happens to a lot of victims and scammers work with that. Having to admit to ourselves that we are being scammed is a big hit to our ego. We don’t like being seen as stupid, so we would rather play along.


What I find interesting is that I should know a lot of this stuff as it is literally my job to warn people about these types of tricks, yet I still fell for it. Changing security culture or human nature is really not an easy task. Sharing stories from the real world though helps to raise awareness and bring across principles that apply both in the real and digital world. Even if they are a bit embarrassing. Feel free to make nice comments about my shoes though anytime.

Image by kylefromthenorth
About Me
I'm a creative security awareness content developer and founder with a demonstrated history of working 20+ years in the cybersecurity industry. Originally from Munich, Germany, I've been living in Cape Town, South Africa for the last 20+ years. Successfully grew bootstrapped startup Popcorn Training to US acquisition and scaled team in a hyper-growth environment under the new ownership as the regional MD of KnowBe4 Africa.

Since 2021 I've moved into an evangelist role at KnowBe4, driving cyber awareness across the African continent with a special focus on cyberpsychology, security culture, metaverse, Web3 security, and the intersection of mindfulness on cyber.

I'm a Member of the World Economic Forum’s Global Future Council on the Future of Metaverse for the 2023-2024 term as well as a member of the WEF Metaverse Initiative Governance Working Group and Security Skills Development Group. 

I'm a founding member and on the Mido Cybersecurity Academy advisory board, aimed at underserved communities in South Africa to bridge the cyber skills divide.

I'm a certified business analyst and have an MSc in Cyberpsychology from the University of Applied Sciences in Vienna. I hold multiple security certifications, including CISSP, CISA, CIPP/IT, ex PCI DSS QSA, ISO 27001 Implementer, and auditor.

I'm also a Yoga Alliance certified Yoga Teacher Trainer (YTT 500) and certified Trauma Sensitive Yoga Facilitator.

Awards / Recognitions:

- Top 20 Women in Cyber of the World 2024
- Top 100 Influential Women in Tech South Africa 2024
- Women in Cyber People’s Choice Award 2023
- IFSEC Global Influencer in Security for 2022.
- UK’s IT Security Guru 21 Most Inspiring Women in Cyber in 2021
- Top 100 Women in Cyber 2020 and 2021 globally by Cyber Defence Magazine.
- ISACA South Africa President Award for 2020
- Women in Tech Innovations Africa 2020 Award for Southern and Central Africa at Africa Tech Week
- Top 50 Women in Cybersecurity – Africa 2020
