A threat actor may convey authority as part of their social engineering. The authority could appear to come from someone higher in the organisation or possibly from IT. People tend to want to please their company, which makes it easier to get access or information from them.
Intimidation can be used by a social engineer in a number of different ways. It could be “If you don’t do this, I will report you to HR” or “If you don’t let me in, the company will have X happen to it”.
Consensus is used by a social engineer to give the appearance that others are able to do the task. This might be that a colleague or low-level manager is able to offer the information.
Social engineers may use the short supply of something to pressure companies or individuals to take the engineer up on their offer. This may be a limited number of tools on the market, or a prize with limited availability.
Familiarity is often used by social engineers to draw compliance from an individual. For example, they may make an appearance in a building for a number of days before asking for something, so that they appear to work in the organisation.
A threat actor may earn trust as part of their social engineering attack. This could be by getting to know a worker at the target personally, or by getting a job there to add a level of ‘trust’.
Urgency is commonly used by threat actors as part of their social engineering to get a victim or target to act quickly. This reduces the amount of time someone has to decide whether it is the appropriate action.