Teresa is worried that the software she wants to download may not be trustworthy, so she searches for it and discovers many postings claiming that the software is legitimate. If she installs the software and later finds it is malicious and that malicious actors have planted those reviews, what principle of social engineering have they performed?

Consensus, sometimes called social proof, is a social engineering principle that leverages the fact that people are often willing to trust groups of other people. Here, the attackers have planted false information that the software is trustworthy, thus allowing targets to “prove” to themselves that they can safely install the software. Scarcity uses a perception that something may not be available or is uncommon and thus desirable. Familiarity takes advantage of the trust that individuals put into people and organizations they are already familiar with. Trust-based attacks exploit a perception of trustworthiness.