What is Social Engineering?

When I tell people what I do, I get a lot of mixed reactions. I’ve heard everything from “that’s cool” to “that’s creepy”. This is probably because there are a lot of different definitions of social engineering out there. A lot of these definitions come close to the point, but they usually miss a few key items. Here is the definition I use when people ask me “what is social engineering?”

Social engineering is the attempt to manipulate human behavior

There are three key parts to this definition, and I see a lot of people confuse them.

Attempt: Because No One has a 100% Compliance Rate

I use the word “attempt” when defining social engineering because, despite what anyone tells you, no persuasion tactic, technique, or other method is 100% effective 100% of the time. There are just too many variables, and quite frankly, people aren’t machines. This doesn’t mean you can’t have a high “hit ratio”, but it will never be perfect.

Manipulate: Skillfully Influencing Others

The term manipulation basically means controlling or influencing, usually in a clever or skillful manner. The catch is that manipulation has a negative connotation, since it’s usually associated with deception. Strictly speaking, social engineering doesn’t require deception. In practice, though, while deception is not required, it is often used.

Human Behavior: It’s About Results

The only real way to tell if you’re successful at influencing someone is by their actions. This is why social engineering is all about manipulating behavior. How you decide to go about manipulating behavior is a different story. The point is that whether you change beliefs or trigger an automatic pattern of behavior, the end result is still the same: you see it in the way people behave.

Hopefully this helps shed some light on one of the more commonly asked questions: what is social engineering?

