Internet Mind Games
The art of linguistic programming, and social engineering Internet traffic. Fact or fiction?

By RSnake (7/22/1998)

   Everyone is well aware that to sell a product you need more than the product itself. A spark of interest needs to be created between the potential customer and the product itself. Linguistic programming and social engineering is the latest craze in Internet commerce, but what does it all mean?

   It all started, off the Internet, in advertising. Psychologists studied the reactions people gave to proper stimulus. People, like any creature, respond in a fairly predictable manner to any controlled stimulus.

   Enter Neuro-Linguistic Programming (NLP). NLP is a theory comprised mainly of mapping patters in human thought, and striving for discernable predictability in those patterns. It is more or less considered to be a trendy version of hypnosis. NLP advocates also believe it increases awareness, and while one increases awareness in oneself, it is easier to achieve a closer approximation of what people as a whole would do in any certain situation. Of course there are many variations on these theories, put into practice.

   It has been pointed out, in the field of modern English, that, for example, certain people use a certain types of language. Police officers, lawyers, car salesmen and reporters tend to use "passive" sentence structure, for instance. It is noticing subtleties in the general populous that makes human prediction closer to a measurable, statistically important field, and less of a pseudo-science.

   Con artists, since the dawn of gullibility, have been able to predict what the human eyes will see, what the human ears will hear and what the human mind will think. Selling something in such a way that consumers are unable to see is believed to be the most advanced form of advertising. Just as the Japanese have experimented in using subliminal messages in department stores to stop shop-lifters, the new advertising agents are working hard at experimenting with on-line deception.

   On some pay sites, webmasters have come to be able to predict how traffic moves in relation to what they want. By phrasing a question, "Would you like to visit my advertisers?" people will most often click "Yes" because the typical response of someone looking for any particular material is positive. Without even reading the question, consumers instantly assume that "Yes" must be the right answer. This is where social engineering comes into play.

   Social Engineering is the technique by which to force a response, or to gain information out of otherwise unwilling individuals. Social engineering is often look down upon as being the lowest form of hacking, while some say it should be used in every day life, by everyone. Some people chalk social engineering to be nothing more than saying "Please" and "Thank you", but skilled social engineers tell a different tale.

   One man, on a bet, through a few well-said lies, found himself in one of the largest banks in Europe's vaults all alone. One website, by changing the 404 (file not found) format, and a few small scripts, was able to coerce three quarters of all the traffic who hit the site to believe that they would be prosecuted if they did not sign up for the subscription the website. Yet another site convinced it's traffic that they were sending secured information by having the text "SECURED SITE" blink.

   Numerous times hackers have posed as temp workers and uncovered valuable information. It is becoming more common knowledge that the weakest part of a company is most often it's secretaries, because they know the most amount of important knowledge without ever really understanding what it means. Industrial espionage agents are all very qualified in social engineering. By asking someone to hold a door for them, they can often times find themselves in the most restricted parts of normally secure companies.

   There is another case in which an e-mail spammer also owned an anti-spam organization, and with the e-mail addresses gained from the anti-spam e-mail list, he was able to spam even more people. Only after being thrown off the backbone was he stopped. People believed the words of the anti-spam homepage, without having any real proof.

   A rational person could simply say that NLP and social engineering is simply being an effective manipulator and liar. Won't that be oversimplifying? Is there more to it?

   The on-line adult industry was estimated at $132 million this year, and by the year 2000 it is estimated to increase to $800 million. A significant proportion of the money to be made in this industry (which happens to be the largest most prominent on the internet) is through free sites, using banners to advertise. Ignoring the fact that 50% of all internet traffic is searching for porn (just try to imagine a town where 50% of all the stores sell pornography) it is simple to see that there is something to be sold there that is attractive. The means by which these banners are sold, however, in itself, is perhaps the greatest social experiment.

   Some of these banners appear to be small windows, with scrollbars and parts of pictures, or stories, and as the individual intends to click on it to view the rest of the story, or picture, they inadvertently open the link. Other banners are animated to force the viewer to notice them more. Still others appear to be thumbnailed images, that normally when clicked on would open a larger picture, but in reality just opens the page to be marketed.

   Trickery, deceit, smoke and mirrors. But what about NLP? As an experiment the next time someone says they have to do something, tell them they have to help you with something else. Emergencies aside, more often than not, by giving them a direct command pleasantly, you can divert their current thought. This is the NLP theory, more than hypnosis, or thought re-direction, it is trying to predict the human mind. Using color schemes, making icons that the user can identify with, making it fun, adding bells and whistles all adds to the percentage of people who will spend money on the internet. Electronic commerce depends on NLP and social engineering to keep the traffic routed properly and keep the people interested.

   Most of all, these techniques help ease people's minds about spending money on items that they don't need, and in some cases, don't even want. Because much of what is to be bought on the internet is site on seen, it is easy to sell little for a lot. Vaporware is not common, but it is also not unheard-of. It is difficult to sell something that is not there, with something that has nothing to do with the so-called product in the real world, but electronically, it is becoming more and more possible.

   So why is web commerce any different then real commerce? Simply put, beyond the physical nature, verses the electronic, it comes down to semantics and anomalies. One website administrator reported that five months after he had closed down his website, he got a check from the banner program for hits made on a page that no longer had even a DNS entry. The users had stored his page in cache and has never cleaned it since first visiting the site. Comparing the internet, where you can make money off sites that don't exist on banners that you have deleted nearly half a year prior, to the real world is really comparing apples and oranges. That is not to say there are no similarities. Quite contrary in fact.

   Many of the NLP and social engineering techniques are well applied to real world situations as well as internet swindling. Unfortunately, it is a technique that is so often used, and so diverse, it is difficult to have a grasp on its size or complexity. Each scheme is equally devious, and is likewise aimed to hurt the consumers. The theories of NLP and social engineering may be in doubt, or may be seriously skewed, but the market effect is undisputed.

   Internet consumer beware! Know what you are getting into before you buy. Often times, the subscribing process is so ambiguous, people forget to copy down unsubscribe information. Even more often, consumers forget the URL where they bought the subscription to in the first place. Protect yourself by writing down the e-mail address, URL, your username, password, and any other vital unsubscribing information and save it in a safe place. Often sites like these make it as difficult as possible to unsubscribe and a few seconds of writing can save you a lot of trouble with your credit cards.

   Is this a big enough problem to worry about? Know your sources. If it is an untrustworthy site, or looks shoddy, chances are that you could get ripped off. That is not to say that one can't protect oneself by knowing with whom one is dealing, and by reviewing their reputation. Asking around, if in doubt and shopping around may even lead to a better deal. Above all else, consumers should be aware that most certainly computers CAN lie, and everything seen through a browser should be taken with a grain of salt. Cyber-con artists exist, and are here to stay.