Social Engineering & Game Theory (P1)

So, firstly what is a Gambit?

A gambit is similar to a method/script but instead of a ridged scripted series of events it more resembles an over arching strategy. Initially a gambit referred to a chess opening in which a player, more often White, sacrifices material, usually a pawn, with the hope of achieving a resulting advantageous position.

In social engineering a Gambit is is the articulation of a series of events which by design leave the social engineer in a similarly advantageous position. Gold digging, as in an attractive male/female manipulating the affections of an affluent person with the explicit goal of financial gains could be considered a Gambit, as the details are left to the "aggressor" but the over arching goal remains the same. Thus allowing it to be adapted to a variety of situations. The name of the gambit can sometimes be rather abstract of vaguely referential, it isn't always the case that the goals or engineering behind the gambit can be surmised by its name.
I have discussed with others here that there are about 8 levels of social engineering, ranging from 1 on 1 individual social interactions, say a singular conversation to broad national, international and theoretically global level events. They are detailed as such...

+1 Vs 1 Action Level is Social engineering stimulated by a single action, 
   a single encounter or conversation perhaps.
+1 vs 1 Battle Level is Social engineering that can be used to decide the result 
 of a single battle.  A battle is to be considered as gaining ground and presence in some ones permanent 
 thought processes.
+1 vs Group (2-10) Tactical Level is Social engineering that can affect two to three battles at the same time, or a group of people 
+1 vs Collective (10-100) Strategic Level - is Social engineering of an even greater scale compared to Tactical Level    Social engineering.
1 vs Organization (100-1000) War Level is Social Engineering that is capable of deciding a war. An organization can be considered to be a collage, large company or social movement.
1 vs Society (1000+) National Level is Social engineering that is capable of affecting an entire nation.
1 vs Collective Societies (2+ countries) Continental Level is Social engineering that can affect an entire continent or    multiple countries.
1 vs world Global Level is Social engineering that can decide the existence or fate of the whole world. This is purely theoretical level.

Each scale would be an order of magnitude above the previous and though some ways of thinking can apply and even still be effective, they start to break down and become less practical to implement.

Then, within each level we have a tier, a Tier would indicate the difficulty of an act or action. I will explain a bit about it here, specifically the tiers within action level social engineering.

1 Vs 1 Action Level is Social engineering stimulated by a single action, a single encounter or conversation perhaps.
Warranty Exploitation methods, this is the lowest level, lowest tier, hence my disdain. you are dealing with a scripted opponent with predefined responses, who has little or no vested interest in the product or product profits.

Examples:

1) Taking candy from a baby, a baby is easily tricked or confused, but has a vested interest in the candy and limited, but  not predefined responses. (that's right WE methods are literally easier than taking candy from a baby)

2) Convincing someone to do something they want to do, but may have repercussions, convincing someone to cheat on a bad relationship, do drugs after being clean for a while and so on.

3) Convincing someone to do something they don't want to do, but with no ethical, social or legal repercussions. like taking up smoking, or help you do something that requires effort.

4) Convincing someone to do something they neither want to do, nor will they be clean and clear after the fact, something like helping you commit a criminal act, robbery

5) Convincing someone to do something they neither want to do, nor will they be clean and clear after the fact with   distinct knowledge of unavoidable negative consequences, something like helping you commit a criminal act, armed   robbery, assault or possibly rape.

6) Convincing someone, in a single conversation to kill them selves.

7) Convincing someone, in a single conversation to kill them selves and others.

All of these would have to be committed in a single action to be considered level 1, which because of the gravity of some of the higher Tiers, could even be considered more significant than the same outcome at level 2 or 3.
You may be reading this and think, convincing someone for instance to kill themselves or others in a single interaction would be impossible. I would argue that there would be ways through coercion, say hostages or some other significant leverage to do so.

Yes, it is true Hostages would not be social engineering, but if you had such hostages you would still have to convince someone you had them, and that you would be willing to carry out your threat. If you could do this with words alone and no evidence, Then you could equally do this with out having the hostages at all. That would be social engineering.
Some Gambits are quite literally the oldest tricks in the book, as per this post about the definition of the oldest tricks in the book. Despite this, they still work well today. I'll detail a few of these tricks in this post for context.
[Backup Bluff]

Frequently People find themselves going up against an opponent which outnumbers them or otherwise has a tactical advantage. When they know that in this instance, they don't have enough of a chance in a straight-up fight, so they try to gain an advantage by out-thinking their opponent.

One way of doing this try to make the enemy think that the enemy is outnumbered or surrounded, by pretending that there are people on your side which in fact do not exist. The most basic way to do this is to lie to the enemy. For example, the Social Engineer might say "I have agents in your organization" when they are in fact all alone.
I once used security exploits to find out privileged information that only organization members should have access to, I then eluded to an organizational member, that I had internal organizational support, citing the information as evidence. leveraging the bandwagon effect to garner support.

I could use the security exploits to verify the credibility of the new contact and use that contact to leverage others within the organization. Also leverage other contacts with the initially exploited information.
From a position of no information, to a position of some, to a position of a contact and then a tree of contacts, then separate trees of contacts, it is very possible to take over an organization, using their very cooperation with you as leverage for extortion and coercion. "do as I say or I'll have it known you worked with me, you may not want to lose your job, but if you don't do as I say you will....don't worry my reach is far, If you work for me I'll keep you safe"..."you know I have other contacts and agents and haven't lost anyone else yet?" this exploits the ambiguity effect, working with you becomes the known outcome, the sure thing, yet lack of cooperation becomes ambiguous. Using the backup bluff in conjunction with the Bandwagon Technique is called the bandwagon bluff gambit

[Bandwagon Technique] : Everybody is doing it. You should do it too.

In other words, everybody is buying our product, so you should buy it too. Sometimes uses statistics to back up the   claim with numbers. A form of Appeal To Popularity. If a commercial tells you, "No wonder six million customers    purchased our product last year," they're resorting to the Bandwagon Technique. Same for ads that boast of their   product being "number 1"
"Eat shit, billions of flies cannot be wrong." ~ proverb

The bandwagon Technique is a simple action based gambit, exploiting the bandwagon effect cognitive bias and the   "Appeal To Popularity" logical fallacy.
[Spanish Prisoner]

A Con Man identifies a potential mark—someone with wealth and native. The con man convinces the mark that he serves a dethroned princess who is being held prisoner in, say, Spain. If the mark can come up with just a few hundred dollars, then a guard can be bribed and the princess can flee to the US (where the mark lives) in eternal gratitude.

The mark can easily part with a few hundred, and so, though he is wary, he falls far enough for the con man's smooth line. A week goes by. Two. The mark has come to understand that he's been tricked, but before that last spark of hope can die, the con man reappears with a letter from Her Highness. She is free and in France. Now she needs a few thousand dollars for her final passage by sea, and the mark gladly shells it out.

This is basically the premise for those Nigerian e-mail scams, which wouldn't exist if people didn't fall for them. As I have established in other posts, they are intentionally incredulous in an attempt to deter any people sound of mind and inherently suspicious. Their goal is to act as an exit gate to filter out a chance of response from everyone but the most foolish. Meaning work and energy can be put into defrauding an actual likely candidate for the ruse.

People are very suspicious of this one, mainly because of the common nature of the Nigerian e-mails. I use this personally, to proxy myself, I'll feign a position in relation to myself, a supporting role or assistant position, someone who maybe a trustee to myself. Then say feign interest to he right parties in betraying myself, if they believe the persona, I will ask for a show of trust, an action or an overt expression or statement that can be observed. To them it is a simple act that ventures nothing but a sign of cooperation.

To be continued: