Social Engineering Confirmation Bias workflow

The image below shows the role confirmatory bias can play in social engineering exploits. Two situations are depicted. In the first, the insider desires access to information supplied by the outsider’s created (deceptive) scenario, as depicted in the R2 (orange) feedback loop. The second is where the insider desires to be helpful to the malicious outsider in need as depicted in the R3 (green) feedback loop. Both loops portray the reinforcing of trust in the outsider’s authenticity and the subsequent desire to access information or to be helpful. 

Unintentional Insider Threats: Social Engineering - US CERT CMU/SEI-2013-TN-024