“These aren't the droids you're looking for.”

—Obi-Wan Kenobi in Star Wars Episode IV: A New Hope

You can't really talk about social engineering without talking about influence and manipulation. For all intents and purposes, this is the catalyst for all the decision-making discussed in Chapter 2. As we discovered, people do things for many reasons, but the skilled social engineer understands enough about people to be able to steer the choices made by their targets.

Let's start with definitions. In his first book, Social Engineering: The Art of Human Hacking (Wiley, 2010), Chris defined influence as “the process of getting someone else to want to do, react, think, or believe in the way you want them to.” Manipulation is much the same as influence, but it is typically described as involving devious intent and almost always being in the best interests of the manipulator.

There's one thing I want to mention before we really delve into the depths of this interesting area. Chris and I make a pretty strong distinction between what we call influence and what we call manipulation. Clearly they are very similar, and you've probably heard the terms used interchangeably. Both are actions taken by a person that produces an effect in another. But they have a different feel to them, don't they? You've probably heard about someone who's a “bad influence,” but have you ever heard anyone use the term “good manipulation”? Despite the fact that both things may ...