Social Engineering and Mirroring the Emotional State

What personality traits make some individuals particularly good at social engineering? Robin Dreeke shared his insights on characteristics of an effective and successful social engineer in a recent post on Social-Engineer.Org. Robin’s article highlights the following traits:

  • Being able to identify topics that are of interest to the subject and then validating “the individual’s belief in his or her own sense of greatness”
  • Being able to appear non-threatening through nonverbal interactions, such as the facial expression or the body posture
  • Being able to use voice to reinforce that the social engineer “is a safe and good person to converse with”

One way to summarize these characteristics is to use the personality trait called high self-monitor, of which I learned while reading Click: The Magic of Instant Connections by Ori and Rom Brafman. The authors describe research by Mark Snyder that shows that some people particularly good at picking up on “social cues and adjusting how they act and how they are perceived by others.” Mark called these people high self-monitors because they can “monitor (observe and control) their self-presentation and expressive behavior.” (Mark wrote a book on the topic of self-monitoring.)

Individuals characterized as high self-monitors excel at modulating their emotional state to match that of others. In fact, research suggests that they do this subconsciously. This ability makes them naturals at identifying the right topic for the discussion and being friendly during both verbal and nonverbal interactions.

Can people learn to be high self-monitors? I suspect so, but I haven’t seen any research regarding this. Have you?

For more on social engineering, see my earlier posts on the asymmetry of data value and on integrating social engineering into an information security assessment.

Lenny Zeltser


About the Author

Lenny Zeltser develops products and programs that use security to achieve business results. He is the CISO at Axonius and Faculty Fellow at SANS Institute. Lenny has been leading efforts to establish resilient security practices and solve hard security problems for over two decades. A respected author and practitioner, he has been advancing tradecraft and contributing to the community. His insights build upon real-world experience, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.

Learn more