Social Engineering

The art of hacking people.

June 15-16, 2017

Susan Sons

What is it?

From Wikipedia: Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

Susan's definition: Social engineering is the practice of using applied psychology to shape others' behavior outside a controlled (lab, clinic, etc.) setting.

Thinking Like a Social Engineer

Social Engineering needn't be cynical.

  • Talking your way out of a fight.
  • Keeping disaster survivors calm and sane.
  • Talking down a hostage situation.
  • Getting things done under an incompetent supervisor, without making him or her feel like you are a threat.
  • Making sure everyone leaves a negotiation satisfied with the results.
  • De-escalating an argument.

Life is a game in which the one with the best questions wins.

  • What's the goal here?
  • What's the lesson?
  • What's the best use of my time?
  • Who has access?
  • What do they want?
  • What have I learned?
  • What do they expect?


Information Leakage


Assumptions and accustomed patterns



Using and Sharing This Work:

"Social Engineering: the art of hacking people" by Susan Sons is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


Please credit Susan Sons and the IU Center for Applied Cybersecurity Research when using this presentation.

Permissions beyond the scope of this license may be available; send inquiries to


The most current version of this presentation is available from

Trying to give the basic ideas behind social engineering, plus a little practice, in 50 minutes or less. Tall order!
