Social Engineering and Mirroring the Emotional State

What personality traits make some individuals particularly good at social engineering? Robin Dreeke shared his insights on characteristics of an effective and successful social engineer in a recent post on Social-Engineer.Org. Robin’s article highlights the following traits:

  • Being able to identify topics that are of interest to the subject and then validating “the individual’s belief in his or her own sense of greatness”
  • Being able to appear non-threatening through nonverbal interactions, such as the facial expression or the body posture
  • Being able to use voice to reinforce that the social engineer “is a safe and good person to converse with”

One way to summarize these characteristics is to use the personality trait called high self-monitor, of which I learned while reading Click: The Magic of Instant Connections by Ori and Rom Brafman. The authors describe research by Mark Snyder that shows that some people particularly good at picking up on “social cues and adjusting how they act and how they are perceived by others.” Mark called these people high self-monitors because they can “monitor (observe and control) their self-presentation and expressive behavior.” (Mark wrote a book on the topic of self-monitoring.)

Individuals characterized as high self-monitors excel at modulating their emotional state to match that of others. In fact, research suggests that they do this subconsciously. This ability makes them naturals at identifying the right topic for the discussion and being friendly during both verbal and nonverbal interactions.

Can people learn to be high self-monitors? I suspect so, but I haven’t seen any research regarding this. Have you?

For more on social engineering, see my earlier posts on the asymmetry of data value and on integrating social engineering into an information security assessment.

Lenny Zeltser


About the Author

Lenny Zeltser develops teams, products, and programs that use information security to achieve business results. Over the past two decades, Lenny has been leading efforts to establish resilient security practices and solve hard security problems. As a respected author and speaker, he has been advancing cybersecurity tradecraft and contributing to the community. His insights build upon 20 years of real-world experiences, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.

Learn more