Chocolate & Security

Is there a Relation? If Yes, then How Deep?

What if someone offered you a bar of your favorite chocolate in exchange for your computer password? What would you do? Know what you’re thinking. No Way!

Now consider this for a second. What if the person w

as appropriately dressed, had all the right credentials, was from the right organization and said your information would play an important role in a social engineering experiment that could help millions? Would you still give out your information?

Princeton psychology researchers asked a group of people to look at 300 faces and rate them on their trustworthiness, dominance and threat levels. Some common features and characteristics emerged after the results were consolidated. It turns out people tend to be more trusting of someone who have a U-shaped mouth and eyes that seem like they are surprised – eyes wide with both eyebrows arched up. On the other hand, an untrustworthy face usually has corners of the mouth turned down with eyebrows also pointing down, towards the center.

Now try this in front of a mirror. Are you essentially smiling and frowning.

This shouldn’t come as news that a person whose smiling is considered more approachable as opposed to someone who looks like their team just lost the Super Bowl.

However in 2008, the brilliant brains at the Infosec Institute managed to get more than half of the 576 office workers in Britain to give out their passwords to total strangers. Of course these strangers were appropriately attired, had all the right credentials and pretty sure had a smile on their face. Yet there was one other thing that helped these individuals. Chocolate! As a thank you for filling out the bogus survey forms, the office workers were offered a chocolate bar and more than 50% fell for it.

The clothes, the credentials and the smile makes sense – search how Frank Abagnale fooled depositors out of their money with a security guard uniform and a sign – but chocolate; it just doesn’t add up. Chocolate may seem like a sugary treat you crave when you are low on energy or just having a bad day. However, there is more to this story than just cocoa beans.

In addition to being good for your health, chocolate contains a feel good chemical called Anadamide. This chemical is naturally found in the brain and is similar to one found in marijuana. In other words when you have chocolate or even look at chocolate, you brain induces feelings of euphoria, which makes you feel good and helps you relax. This results in you letting your guard down. And it’s this momentary relapse the con artists are counting on and use. Now before going further, let’s get one thing straight, blaming chocolate in this case would be the same as saying ‘Spoons made me fat’. It’s no more the chocolate’s fault than the person falling for the con. Con artists have just found a loophole where they bypass our visceral defenses and use our senses against us to get what they want.

Thinking like a con, what is the first thing you would do, if you wanted to rob someone blind or get someone to part with their, let’s say home security systems password. Would you use a gun and the threat of violence? Or the right look, a smile and a bar of their favorite chocolate. The latter makes more sense. Al Capone/Robert De Niro once famously said ‘You get a lot more from a kind word and a gun than from a kind word alone’. This rings true to what the Infosec guys did.

So the next time you see someone with a clipboard, wearing a tie outside a subway station or in a mall saying ‘can I have two minutes of your time’, be vigilant. Only give information you’re comfortable with. And if they try to sweet talk you and offer you a gift, voucher or a chocolate, don’t fall for it. After all Facebook was created to stay in touch with friends and family, not for stalking.

Leave a Reply