Social Engineering and How to Avoid It on IMVU

by Gipper · 24 posts
7 years ago in White Hat Activities
Posted 7 years ago · Author
Introduction

Hello! As many of you are aware, the modern age has brought with it endless opportunities to exchange information in all its forms...as well as exploit one another's psychological scripts (also known as fixed action patterns - explained later) to influence that information exchange to one's advantage. Practitioners of this skill are known as social engineers, as opposed to con artists, as they once were. The format of this post will have two parts in each technique description. First, the act of executing the attack - black hat, to put you in the mind of a social engineer and help you think as they do. This is NOT to help you carry out your own attacks! XD

Second, the act of defending - white hat. This is the critical thinking mindset you should erect to prevent being manipulated. If you want to be very cautious, it is recommended you engage this mode of thought any time you meet someone you suddenly really like. There is nothing wrong with a best friend, but skilled social engineers know how to become your best friend almost immediately, and that is when the trouble begins. Indeed, when this new best friend happens to coincide with a recent spot of trouble or happens to need a favour is a time to do some critical thinking about them. So, without further ado, let us examine the flaws that an engineer might exploit and how they might exploit them!

Techniques

1.) Mimicry


Black Hat Approach

First, and foremost, we establish rapport! This one is a bit harder on IMVU, as it primarily involves body language. However, there are other ways to mimic someone (do not be too obvious). What the attacker does on IMVU, then, is mimic typing style. Look at the phrasing they use, the way they type. How long their sentences are, even. Look at what emojis they use frequently. You, as the attacker, would subtly incorporate this into your typing style. Again, do not be too obvious, as it might be noticed. If you can execute this properly, you will build greater rapport without them being the wiser. They will like you and not know why.

In real life, this is accomplished with monitoring the target's body posture, his breathing, his tone. This is also known as mirroring. You are mirroring them to convince them you are like them.


White Hat Approach

This one is easy to counter now that you know it can be used against you. Again, if you find yourself liking someone too quickly, check if their typing matches yours shortly after meeting them. Do they use the same words you do in the same manner? Psychological studies reveal that this happens naturally over time as people grow to like each other. They mimic one another. It is when this happens too fast that something is wrong. The social engineer works fast. They generally want you to like them, take your resources, and get out.

2.) The Theory of Names


Black Hat Approach

To continue our discussion about similarity and convincing your target that you are like them, we come to the name. In real life, having the same first name as someone automatically earns you subconscious bonus points with them. You hear your first name all the time and pay special notice to it. Familiarity breeds contempt sometimes, but it breeds liking in the social engineering realm almost always. On IMVU, if you have someone specific in mind, look at their screen name, and make an alternate account (more on their use later) with similar characters/words. Use their name frequently in conversation. Not too often, but slightly more often than you use the names of others. :D As a quick example of similarity, VampireWolf666 and Guest_xXDragonWolf666Xx would likely get on quite well. One of them is a victim.

White Hat Approach

It is likely that a smart attacker would choose a name only similar and not the same as yours. He would introduce himself as John, knowing your name is Johnny. Anyone who claims to have the same name as you (or if their account name is similar to yours) might be out to get your credits, your time, or your services.

3.) Interests and Hobbies


Black Hat Approach

Our last technique discussed for making your target like you is to describe yourself similarly in the interests section. If he likes IT, you do, too. With practise, you can fake your way through talking about any hobby. Improvisation and strip phrases such as "yeah" are key here. Also, people rarely probe you too much if you just blindly agree with them (this CAN backfire, so be careful). Mirror your target. Like what they like, or at least pretend to. If you find you cannot, there is always the idea of being an information sponge. Actively listen and ask specific questions about their passions. "I cannot go a day without listening to [some band]" "Oh, what song is your favourite?"

White Hat Approach

You may assume a pattern that just knowing about these techniques is usually a "good enough" blanket approach to combat them. Well, awareness does help in the main, certainly, but remember that there are very sophisticated ways of executing these not discussed here, so keep that guard up if you suspect you are being played. That said, this one is not hard to combat. In real life, salesmen will focus on your interests very nearly always. They will try to connect to them in various ways and enjoy listening to you talk about them. Someone who does this too much or seems very interested in what you have to say about a topic could genuinely like you or have that in common, but be sure to take that liking in context.

4.) The Reciprocity Norm


Black Hat Approach

Quid pro quo. A favour for a favour, as it were. Do something for the target. Something small and easy for you. He will feel obligated to repay you in some way. Often what you want can be a much bigger favour than what you gave. This is called the reciprocity norm. Do you want a gift? It is often good practise to give a small gift (600Cr) to the target and wait. Be sure to fill your gift list with only more expensive gifts beforehand, so you are guaranteed to profit when they obey the reciprocity norm.

White Hat Approach

Something of course suspicious here is if someone gives you a service or gift randomly, then asks for a return considerably larger. It is almost certain they are using the reciprocity norm to leverage gains from you. It is also unlikely someone would be that blatant about it, unless they are an amateur engineer. Be careful of the overgifter. These people are not necessarily using con artist tactics on you, but may have poor self-esteem or perceived social standing and feel the need to compensate for this. Evolutionarily, in the long run, this overgifting is a disadvantage. In the short-term, it COULD indicate a ploy is being used. The key thing here is if they want larger returns on your part.


5.) Exploiting F.L.A.G.S or Fear, Lust, Anger, Greed, and Sympathy


Black Hat Approach

Your emotions. You have seen them, I am sure. Emotional people on IMVU. They often boot with no provocation, may harbour egotistical/delusional thoughts about themselves, or make themselves known in other ways. Well, they are not the only ones vulnerable to attacks on the emotional state. Everyone is. The attacker thus learns what his subject is most prone to.

Do they empathise with others? Do they have a need to be complimented? Do they become enraged easily? Are they very dissatisfied with their standing and want something that you can proffer (or claim to proffer)? The attacker here watches his target for a bit and learns their weakness. It is often one if not more of the above. He uses anger to turn friends against each other. He uses a sympathy ploy to extract a gift (NEVER ask for a gift directly - this is a common mistake). For fear, he uses subtle intimidation. Perhaps he implies or lays a false trail of evidence that he holds power or influence. Perhaps he drops a name. These are subtle intimidation ploys...or greed ploys if you seek such influence.

White Hat Approach

The best approach here is to take a break. Walk away from the computer. Type a "BRB" and think. Let the emotion leave you, then you have a clear mind to approach the problem. A social engineer wants you to be emotional so your decisions are quick and, thus, poor. Said decision will often be to their favour, as well. Keep yourself level-headed and give yourself a breather if you find yourself being flattered, angered, or if your new friend is very flirty. Throw up some red F.L.A.G.S.


6.) Creating a Problem and Creating Its Solution to Extract a Favour


Black Hat Approach

This attack is one of the most common you might encounter from a social engineer. You start by gaining rapport, of course. This can be done in a few ways, detailed above. Making a problem is easy. Once you have gained your target's trust, you can simply invent a problem that sounds reasonable enough to exist, although this is risky, as they might know you are lying. IMVU frequently changes things for the worse, though, making this a valid attack. A more sophisticated attack vector is to be aware of a problem that will actually occur (or you cause) and be ready with a solution. Example: Room darkeners are pretty annoying, but not everyone knows about them. I ran across a moderator who believed a blackened room was due to server maintenance (it was me - I feel bad). One could exploit such an instance by having the victim enter a certain "command" to reset their room and turn the blackening effect off. Creativity is key here.

Once the problem is solved, trust is earned, and it sets you up for future attacks. Now they owe you a favour, too. ;D

White Hat Approach

If you know someone who frequently has answers at conveniently proper moments, you might be dealing with a social engineer. Again, though, they rarely stick around. The only reason one might in this case is the set up. You might trust them for their "expertise". Funny how they often seem to show when you need them, though, eh? This user who has been hassling you, but has been h4c|<7d by your new friend who came to your rescue...maybe they are one and the same person on two different accounts.

7.) Door-in-the-Face


Black Hat Approach

Asking for something ridiculous, or high-balling, is a fast route to what you really want. In terms of money, asking for a million Euros when you would really only need 100,000 is the name of the game here. It is another technique so subtle, you would really need to be told about it. At least, it was for me before I knew about it. Never saw it coming, and neither will your target. They just assume you are greedy, a trick which could be used to feign a weakness to greed ploys, if done right. That is advanced counter-social engineering, though. Ask for more than you expect to receive, then reduce your demand, which will seem like a favour and invoke the reciprocity norm. :)

White Hat Approach

In negotiations, most people know not to low-ball, but they are less knowledgeable of the high-ball technique. Your con artist will likely start off ridiculously high when they ask a request, then immediately reduce their needs through clever wordcraft. When that happens, you know you have a trick being pulled on you and chances are that others have at least been attempted. I would back away immediately and not let them know how they failed, lest they refine their approach next time.

8.) Foot-in-the-Door

Black Hat Approach

So, you have your target liking you, he has already done a favour, but you do not have what you truly want. Say a full furry outfit, or room bundle, or what have you. Well, here we talk about building commitments. This is for the long-term con, which is risky, and rare. You can do this in the short-term, though, if you play your cards right. Start by using the above techniques to get a target to do something for you. Or, simply ask a small favour/invent your own technique. That one act, once done, engenders a fixed-action-pattern (remember those?) of doing things for you in the future. Example: A signature on a form. Making someone sign an official-looking petition can lead to them taking action for whatever cause is detailed on the petition. You just need to keep escalating the requests gradually. The more yeses to small favours, the likelier you will get a yes to a big one.

It is common in this regard to ask leading questions that are simple. Modern law enforcement in interrogation is sometimes careful to avoid these as they can be complained about later in court proceedings. With leading questions, too, your wording is important. Be sure to be partially assumptive when phrasing the question. Example: "Did the blue car hit the red one," should instead be, "How fast was the blue car going when it hit the red one?" Again, just an example. Altering a target's memory of an event is a bit advanced and is beyond the scope of this post.

White Hat Approach

Someone might ask you for a head, then a skin, then a few more accessories toward an outfit. Soon, they are asking for 20,000 credits! Just think of a multi-tiered pyramid. Are their requests slowly increasing in size, moving up the pyramid levels? If so, you have a con artist on your hands...or someone with a very poor understanding of social etiquette. Guess which is more likely! Maybe unfriend and block. :D To defend against leading questions, practise making them in your mind. Be sure you are not saying anything that can be used against you later.

Conclusion

While this post, in the main, does not take a position on the use of such techniques, I would like to end it by inserting a few statements to help guide you. Of course, no one can control what your hands do when you are given a hammer. You hold it and you choose how to swing it. The tool in this case is the trust of your fellow humans. You have the choice as to what to do with it. The purpose of this was to highlight how to defend yourself against the sometimes malicious denizens of the digital world.

The Internet breeds an attitude of perceived invulnerability and IMVU is no exception. Someone you might wrong cannot punch you in the face if you are discovered, and because of this, it is more tempting to plunder their psyche for your own satisfaction. I am hoping that you are all more savvy practitioners of mental ninjutsu and know now how to avoid its many, many traps. The warriors of old Japan were masters of stealth and in today's age, the social engineer is, as well. You will find use of these tips not only online, but in sales, and negotiations, as well. The best minds of those fields also know perfectly how to bring you, entrance you, and get your pocketbook, all without you being the wiser. At least, they did. Research and be vigilant. Please use this information responsibly and have fun online. :D
Posted 6 years ago
Thanks for this post, it was an enjoyable read!

A. Orange
Posted 6 years ago
This is amazing.. I've watched so many men/women do this to gain relationships rather than gifts/info/etc.. I just never realized how "easy" it can be to get close to someone to your own advantage.. This is a great read that I feel so many need to read as a way to protect themselves!
Posted 6 years ago
This was an extremely interesting read. Very enlightening! Thank you for posting this!
Posted 6 years ago
Interesting Read..As most 99% on IMVU are out to gain for themselves and I find that the same percentage are fake. I guess it's all on someone's perception and how they take it as some will take one sentence and each will have a different interpretation of it and out of say 10 people only 1 will understand what you are meaning.


Esbeth
Posted 6 years ago
Most people on IMVU social engineer, IMVU is pretty much built on that foundation, with the majority of the community trying to be popular. Well to be honest most of the internet is in my opinion lol. In IMVU, even moreso if you are a developer. This is not a new thing but it can be a dangerous thing for those that don't understand it and a really evil tool for those that seek to use it in a really bad way.

You can't really avoid it though, you will encounter it and fall for it at least once in your life at IMVU, I don't care how smart you are lol. A good social engineer, and there are many, can trick the most intelligent of people.

End thoughts: If it's too good to be true, it probably isn't, and truth is more than likely not a part of whatever is going on lol. :panda6:
Posted 6 years ago
Thank you so much for the enlightening post! Tbh I hadn't realised I've been a victim of social engineering before until now, thanks to you!
A very good imvu friend of mine had been randomly gifting me and no matter how much I insisted I don't need or want her to buy me anything, she did that three-four more times. I thought she just really likes to spoil her friends and is a generous person, however soon after, she said she's out of credits and wanted me to send her a certain amount.. I gave her the credits at once of course cause I sort of felt guilty like "she wouldn't be out of credits if she hadn't gifted me" but now I certainly recognize the Red flag!
Posted 6 years ago · Author
Glad it helped. Sympathy is my big one, too. I have to check myself often. ^_^
Posted 6 years ago
Very good read. The vast majority of "hacking" is either a friend knowing your password or falling victim to social engineering techniques. Not as much someone breaking or figuring out your password.
Posted 6 years ago
Never thought of it that way, that's pretty cool thanks :D
