Social Engineering: How Hackers Manipulate People and Learn Your Secrets in Five Minutes (Part 2)

Real hackers rarely start by writing code — they start with a conversation. In the second part of our breakdown, we dive into the psychology of manipulation and explore how social engineering actually works in the real world.

You’ll learn what pretexting is and why a well-crafted cover story can be more powerful than any virus. We’ll break down techniques for building instant trust (rapport), show how to “read” people using the DISC framework, and explain how secrets can be extracted through elicitation — without asking a single direct question. Learn how not to fall victim to a “chameleon” and how to spot a professional manipulator before it’s too late.

The Chameleon in the Room: How to Become “One of Us” in Five Minutes — and Make You Give Up All Your Secrets

Pretexting: The Art of Creating a New Reality

Many people think social engineering is about being a professional liar. That’s not quite true. Liars are easy to catch. They get tangled in details. They’re tense. A social engineer doesn’t lie — they practice pretexting.

So what is it? It’s creating a scenario you genuinely believe in yourself. When an actor plays Hamlet, he’s not Vasya Pupkin on stage — he is the Prince of Denmark. He feels the prince’s pain. A hacker does the same.

The “Helpless New Hire” Scenario (Breaking It Down)

Let’s look at a classic example that works nine times out of ten. Why? Because it hits our parental instincts.

You need to learn a company’s internal network structure. If you call and say, “Hello, I’m conducting a security audit,” you’ll be asked to send an official request — and then they’ll hang up. Boring. Doesn’t work.

Now imagine a different approach. The hacker plays background office noise (printers, chatter). They take a few deep breaths so their voice sounds slightly shaky, anxious. Then they call tech support — or the secretary.

— “Hi… I’m really sorry, I think I might have the wrong number… My name’s Serhii, I’m in the logistics department, it’s my third day here…”
(A pause — you can hear the nervousness.)
“Look, I’m a complete idiot. My boss gave me access to a reports folder, and I… I don’t know what I clicked, but everything’s gone. There was this red X, I clicked it — and now it’s empty.”

What happens on the other end of the line? The victim — whether it’s a sysadmin or a secretary — relaxes.

1. There’s no threat. It’s not an inspection, not a boss, not the police. It’s just some scared “newbie.”

2. A sense of superiority (ego): “Oh God, what an idiot. What am I supposed to do with him? Guess I’ll have to save him.”

3. The urge to help. We’re biologically wired to calm people who are panicking.

And the victim says, “Relax, Serhii. You didn’t delete anything — you just removed the shortcut. What’s your terminal number? Or let me walk you through the path to the server…”
Bingo. Within a minute, the hacker has the server address, the folder structure, and possibly even a temporary password the kind admin created to “help the new guy.”

The golden rule of pretexting: your cover story must be simple and emotionally charged. The best emotions to exploit are pity, the desire to be helpful, or the fear of making a mistake.

Rapport: How to Make Someone Fall for You in 30 Seconds

Alright, that works on the phone — but what about face-to-face? How do you approach someone in a bar, at a conference, or in the smoking area without being told to get lost?

Hadnagy quotes his colleague, former FBI agent Robin Dreeke. He has a brilliant method for building instant connection — rapport. Here are the key techniques that work almost every time.

1. “Just for a second” (Artificial Time Constraints)

Think about how tense you get when a stranger approaches you on the street with a smile. The first thoughts are: “What are they trying to sell me?” “Is this a cult?” “This is going to waste my time.” You shut down.

To break that barrier, you need to signal one thing immediately — in your very first sentence: I’m about to leave. You walk up and say:

“Hey! I’m waiting for a colleague — he’s parking right now — but I’ve got a minute and wanted to ask…”

“Listen, I’m just heading out, my taxi’s waiting, but I noticed your badge…”

It’s magic. The other person’s brain goes: “Phew. This won’t take long. I can relax and listen.”
The moment they relax — you’ve got them.

2. Body Language: Don’t Stand Like a Security Guard

How are you standing? Arms crossed? Looking from under your brows? Congratulations — you look like a threat. To trigger trust on a subconscious level:

Show your palms. Open palms are an ancient signal: “I’m not holding a stone or a knife. I’m safe.”

Raise your eyebrows. A quick upward eyebrow flash (just a split second) during greeting is a universal signal of friendliness among primates.

Tilt your head. A slight sideways tilt exposes the carotid artery — one of the most vulnerable spots. It signals absolute trust: “I’m not afraid of you, so don’t be afraid of me.”

3. Turn Off Your Ego

This is the hardest part. We all want to sound smart, impressive, important. A social engineer has to forget all of that. Your goal is to make the other person feel smart and impressive. If they say something stupid — don’t correct them. If they brag — be amazed and praise them.

“Wow, you actually configured that router yourself? No way. That’s like advanced math to me. How did you even do that?”

People who feel genuinely listened to and admired will tell you everything. They’ll talk about their job, their security problems, where the safe keys are — just to impress such a grateful listener.

Elicitation: The Art of Extracting Secrets Without Asking Questions

So now you’re talking. The connection is there. How do you learn sensitive information without asking directly? If you ask, “What antivirus version are you running?” the alarm goes off instantly. That’s a suspicious question.

Professionals use a technique called elicitation. It’s a way of structuring a conversation so the other person wants to give up the information themselves.

Technique #1: Provocation (The Error Effect)

Everyone loves correcting another person’s mistake. Correcting others makes them happy because it satisfies their ego. Take advantage of this. Do not say “what kind of equipment are you using?” instead say something that is most probably incorrect or even intentionally provocative:

“Ugh I see you’re still stuck with those ancient IBM servers. Those things are as loud as tractors and overheat constantly, don’t they?”

At that point, the employee, especially the technical employee, can’t help but respond with:

“IBM? Kidding me? We switched to Amazon cloud solutions last year, there is no on-site hardware left — only thin client computers.”

And that is it. You have now learned the network architecture. And you did not ask. You simply “made a mistake,” and they told you how to correct it.

Technique #2: Artificial Ignorance

Act less intelligent than you actually are. If you appear to be an expert, people become nervous (“he knows way too much, he may be out to hurt us”). When you appear to be some sort of ignorant newcomer, they begin to educate you.

“Hey I heard these new access cards cause problems when you hold your phone next to them. True?”
Security Guard: “No, these use RFID chips which operate on a different frequency. The only problem is bending the card and breaking the chip inside.”

Technique #3: Quid Pro Quo (Give Something in Exchange for Something)

If you want something from someone, give them something first. Share a small harmless secret about yourself and the other person will feel obligated to share something back.

“Honestly I was so tired this morning. I worked late into the night on our quarterly report until 3am. That management is brutal.”
“Oh I know what you mean. The same thing happens to us in sales. By the end of each month everyone is crazy — we’re even doing a manual migration of our customer database. Everybody is on edge.”

At this point you have just found out that the sales department has a disaster going on while migrating a database. This is the perfect time to strike at them.

The DISC Method Of Profiling People

Everyone is different. While it may be easy to have a wonderful conversation with a bright, smiling secretary, it will be almost impossible to establish a good relationship with a serious looking head of security. This is why many use the DISC method when creating a profile of a person. It is a basic system of “reading” people in order to quickly understand how they will react to certain situations. Much like reading the stars (horoscopes), it has some factual basis, and is very useful in everyday life.

Dominant Type (D)

– How to recognize a dominant type?

+ They are confident.
+ They speak briefly and sharply.
+ They maintain constant eye contact.
+ They hate small talk and delays.
+ They usually look stern or as if they are wearing expensive clothes. Nothing about them is casual.

– How to communicate with a dominant type?

+ Do not ask “how are you?”
+ Avoid lengthy introductions.
+ The dominant type is only interested in results, not in process.
+ Speak clearly and concisely.
+ Get to the point.

Example: “There is a solution that will save you approximately 20% of your time. I just need to clarify one thing.”

Influential Type (I)

– How to recognize an influential type?

+ They are charismatic.
+ They talk a great deal.
+ They are always starting new conversations.
+ They make lots of gestures while speaking.
+ They are the center of attention.
+ They tend to jump quickly from subject to subject.

– How to communicate with an influential type?

+ Listen carefully to everything they say.
+ Laugh at their jokes.
+ Nod along to show that you agree.
+ Give them plenty of room to talk about themselves.
+ Since they are in the midst of emotion and chat, they will reveal much more information about themselves than they intend to, without even realizing it.

Steady Type (S)

– How to recognize a steady type?

+ They are calm and quiet.
+ They do not like to disrupt the status quo.
+ They avoid conflict.
+ They are team players and are concerned with the comfort of all parties involved.

– How to communicate with a steady type?

+ Emphasize the fact that you are trying to create a safe environment.
+ Indicate that you are not going to cause any trouble.
+ Show them that you are gentle and calm.
+ Since steadies do not respond well to pressure, gentleness and calmness will work much better than anything else.

Some examples of phrases you could use when communicating with a steady include:

* “We just want to make sure that we create a comfortable environment for everybody.”
* “I don’t want to create any unnecessary complications.”

Analytical Type (C)

– How to recognize an analytical type?

+ Their desk is neatly organized.
+ They are fascinated by numbers, rules, and procedures.
+ They frequently wear glasses.
+ They often ask “Why?” and “Where is this documented?”

– How to communicate with an analytical type?

+ There is no use using emotional appeals with an analytical type.
+ Use facts, figures, documentation, etc.
+ Provide them with a chart, a table, or a reference to a specific policy clause.
+ Analytical types do not trust people; they only trust systems. Therefore, they will react according to those systems.

Conclusion

We’ve now figured out how to approach people, read them like an open book, and get them talking by using their very human vulnerabilities – vanity, the desire to help, and the need to correct something wrong.

Is this manipulation? Yes – because it is. But as Hadnagy says, “A knife isn’t bad by itself. It’s the person holding it.” These skills can be used to negotiate a better price on something at a store, to calm down an upset customer, or to steal $1 million.

In the last section (Part 3), we will take our exploration one step further. We will look at the “Dark Magic” of Psychological Influence. How do you make someone feel guilty? How do you act with authority when you have none? Why does everyone become a helpless child the minute you say “Today Only”?

The grand finale is coming and it is going to be BIG!