Skip to Main Content
Social Engineering: The Art of Human Hacking
book

Social Engineering: The Art of Human Hacking

by Christopher Hadnagy
December 2010
Beginner content levelBeginner
404 pages
11h 8m
English
Wiley
Content preview from Social Engineering: The Art of Human Hacking

3.2. The Goals of Elicitation

Reviewing the definition for elicitation can give you a clear path of what your goals are. Really, though, you can boil it down to one thing. A social engineer wants the target to take an action, whether that action be as simple as answering a question or as big as allowing access to a certain restricted area. To get the target to comply, the social engineer will ask a series of questions or hold a conversation that will motivate the target to that path.

Information is the key. The more information that you gather, the more successful the attack will be. Because elicitation is non-threatening it is very successful. Count how many times in a week you have meaningless little conversations with someone at a store, coffee shop, or elsewhere. The whole methodology of holding conversations is steeped in elicitation and it is used in a non-malicious way daily. That is why it is so effective.

In one episode of the popular British television show The Real Hustle, the hosts demonstrated the ease of many social engineering attacks. In this episode the goal was to draw a target into a game of luck that was rigged. To do so someone had a partner who acted as a complete stranger play a role in being interested and conversational with the attacker. This conversation draws in the surrounding people, which made eliciting proper responses from the target very easy. This is one method that works well.

Whichever method is used, the goal is to obtain information then ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Security in Computing

Security in Computing

Shari Lawrence Pfleeger, Charles P. Pfleeger, Jonathan Margulies

Publisher Resources

ISBN: 9780470639535