Social Engineering And Menus | Hackaday

If you follow cybersecurity hacking methods – or just watch Mr. Robot – you probably know that the best way to get someone’s password is to ask for it. Of course, you probably can’t just say “Hello, I’m a bad guy. Can I have your password? But there are all kinds of tricks you can use like pretending to be in a person’s IT department, someone in management, or inventing a crisis to overcome better judgment with meaning. But of course, as savvy computer scientists, we’re immune to such things, aren’t we? We don’t need these kinds of tricks in our arsenal either.

Is it true? It’s amazing how many subtle things influence what we think are rational decisions no matter who we are. Consider going out to eat. Simple, right? You look at the menu, choose what you want and order. No one influences you. But they are. According to a BBC article, there is an entire industry of menu “engineering” determining how to get you to order expensive foods.

You might not think social engineering for menus is a great skill for us. But maybe your new open source project needs collaborators. Maybe your start-up needs investors. Maybe you would like someone to review your resume. Maybe the same tricks that work with diners will work in these cases as well.

Not just menus

These are not just menus. Grocery stores have a whole science of where to put things like milk to make sure you have the chance to buy other things. They also know which places are selling things. Casinos are wise too. Highly visible slots often pay more than those hidden in a corner. Unless they are visible from high profit table games where they might annoy the big players.

TV show Brain training games did an experiment on the “decoy effect”. They offered moviegoers the choice of a small $ 3 popcorn or a large $ 7 popcorn. They hardly sold any big popcorn, and when asked, customers complained about the cost of a big one. They later offered three choices to similar customers. The small and the large were still the same, but they included an average size of $ 6.50. Everyone wanted the size medium but would realize that they could get the size large for just 50 more and did so. The way the menu options were presented reduced the results from small to large and consumers were no more savvy.

Back to your regular menu

As the popcorn experience shows, our sensitivity to menu prices is inexplicable. Dishes that use longer words on a menu tend to cost more and diners don’t care. Restaurants will also put the more expensive items on top, so when you get to the cheapest items, they look more reasonable.

So what is it that attracts diners? Simple things like fonts and color can seemingly make big changes. Italics conveys quality, and ironically, ornate writing can be difficult to read, but can make things look better. Apparently, wine labeled with a hard-to-read typeface scored higher than the same wine in a more readable bottle.

Studies show that people associate round characters with sweet foods and angular characters with salty foods. It doesn’t make sense, but it is apparently true.


Obviously, French fries don’t sell as well as “thick crispy fries”. The Penn and Teller show, Bullshit! did an episode about it where diners saw themselves being served horrible food in an upscale restaurant and loved it because the waiter sold everything. The store brand whipped topping was hand whipped mousse, for example. Most people ate the inexpensive local food as if it was a five-star meal.

Menu experts claim that descriptive language can increase sales by 27%. Stanford found that “sweet and sizzling green beans” were ordered 23% more often than “green beans”. It goes without saying, but it’s strange that even if you know it’s hyperbole, it still affects you.

Consider this text from the description of a McDonald’s Quarter Pounder:

… Hot, deliciously juicy and cooked to order. It’s seasoned with just a pinch of salt and pepper, sizzling on a flat-iron grill, then topped with chopped onions, tangy pickles and two slices of melting American cheese on a sesame seed bun.

A flat iron grill? Do other places have non-tangy pickles or cheese that won’t melt on a hot burger? Does the McDonald’s chef over there pinch some seasoning in your burger? But it still works. You’re probably ordering one on your phone right now.

Images and videos are a mixed bag. Sometimes diners associate images of food with poor quality. In addition, there is the fear that the food you see in the image – which is often not really food as you will see in the video below, as the food is difficult to photograph well – will be better than the food that arrives at your table. If you’ve eaten at a fast food restaurant, you know it’s not unlikely at all.

So what?

You might think that this kind of social engineering is reserved for the trader or restaurateur. But how often do you choose a tool like, say, Chrome over a comparable tool like Firefox? If you want people to use your work, maybe a little social engineering is in order.

We have all seen great projects and businesses falter while lesser ones thrive. Without naming names, operating systems, Linux distributions, publishers, programming languages, and video formats have all seen this effect. So when you’re writing your next big IoT library, maybe it shouldn’t be about “functions that let you control devices using network requests.” Maybe it should be “a robust and secure library that makes it easy to take control of devices from anywhere in the world, simplifying and enhancing your high tech lifestyle.” Sure, it sounds silly, but it’s been proven to work.

Source link

James F. So