Social Engineering 😈

When the security issue is not on the tech side

Martin Thoma
6 min readFeb 25, 2024

Social Engineering is the art of manipulating people. It’s not necessarily illegal, for example when children fake being sick so that they don’t have to go to school.

Social Engineers are also not doing anything illegal when they apply elicitation: A subtle form of getting information through normal conversations. Think about a friendly conversation at the airport. Maybe you think you’re flirting, but the other person wants to get more information about your employer. Just asking questions without any force.

Pretexting is giving some form of cover story or context for follow-up social engineering. It could be used for elicitation, e.g. in the movie taken in which two tourists share a taxi with a stranger to cut costs. In that context, the strangler learns where they sleep and that they are alone.

Tailgating is a very simple way to get access to a building without doing anything illegal — you just walk in after somebody else. You may even ask if they can hold it open. You could give some…

--

--

Martin Thoma

I’m a Software Engineer with over 10 years of Python experience (Backend/ML/AI). Support me via https://martinthoma.medium.com/membership