What personality traits make some individuals particularly good at social engineering? Robin Dreeke shared his insights on characteristics of an effective and successful social engineer in a recent post on Social-Engineer.Org. Robin’s article highlights the following traits:
- Being able to identify topics that are of interest to the subject and then validating “the individual’s belief in his or her own sense of greatness”
- Being able to appear non-threatening through nonverbal interactions, such as the facial expression or the body posture
- Being able to use voice to reinforce that the social engineer “is a safe and good person to converse with”
One way to summarize these characteristics is to use the personality trait called high self-monitor, of which I learned while reading Click: The Magic of Instant Connections by Ori and Rom Brafman. The authors describe research by Mark Snyder that shows that some people particularly good at picking up on “social cues and adjusting how they act and how they are perceived by others.” Mark called these people high self-monitors because they can “monitor (observe and control) their self-presentation and expressive behavior.” (Mark wrote a book on the topic of self-monitoring.)
Individuals characterized as high self-monitors excel at modulating their emotional state to match that of others. In fact, research suggests that they do this subconsciously. This ability makes them naturals at identifying the right topic for the discussion and being friendly during both verbal and nonverbal interactions.
Can people learn to be high self-monitors? I suspect so, but I haven’t seen any research regarding this. Have you?
For more on social engineering, see my earlier posts on the asymmetry of data value and on integrating social engineering into an information security assessment.