Social engineering goes to the movies

Social engineering experts give thumbs up to these 7 great examples from Hollywood

If you fall for a social engineer's trickery, it's embarrassing.

As long as it's happening to someone else, though, it can make for great cinema.

Security experts John Sileo and Chris Hadnagy gave us examples of some of their favorite social engineering scenes as portrayed in film. These movies offer an entertaining way to understand how social engineering works.

Matchstick Men

Con men Roy (Nicolas Cage) and Frank (Sam Rockwell) start their scam by calling victims and trying to sell them water filtration systems for hundreds of dollars. The same system is available for just $50 in a store. While working the phones, the two employ many classic social engineering moves, such as passing the phone from Frank to Roy, who poses as Frank's boss, giving the operation more credibility.

From there, the two head to a victim's home where they pose as federal agents and inform the victim they have been scammed by the water filtration con. But, they say, if the victim will just sign a form that gives them authorization to withdraw money from the victim's bank account, they might just be able to track down the thieves. Of course the victim's bank account is then emptied, and the small water filtration price leads to a much bigger take for Frank and Roy.

There are many more surprises along the way, but, as Hadnagy said, he doesn't "want to give a spoiler... but this movie is about a scam wrapped in a social engineering gig wrapped in a con. It is a twister and really good."

Ferris Bueller's Day Off

An adept and charming con man at just 17, Ferris Bueller (Matthew Broderick) doesn't want to go to school one day and pulls out all kinds of social engineering scams in order to take the day off without consequences. He manages to get his friends Cameron and Sloane in on playing hooky, too.

In a memorable scene, Cameron calls school principal Mr. Rooney, pretending to be Sloane's father and asking that Sloane be dismissed because her grandmother has died. Rooney, initially thinking it is another one of Ferris Bueller's pranks, is rude to the caller. But when Ferris places a call on the other line to Mr. Rooney, Rooney realizes the first caller is not Ferris and panics—assuming that caller must indeed be Sloane's father. Sloane is then released for the day.

"He used the technology of day to his advantage," explained Sileo. "Although the technology has changed, the techniques social engineers use really haven't. Utilizing people's ignorance, pretexting, pretending to be someone you aren't&mdashthese are all techniques that have all been around for years."

The Thomas Crown Affair

A wealthy but bored businessman, Thomas Crown (Pierce Brosnan) decides to pull off an art heist at New York's Metropolitan Museum of Art just for the fun and challenge of it.

Crown is well known at the museum long before the heist because he spends many hours there, hanging out in the Impressionist gallery and getting to know the guards. This alone makes it easier for him to pull off the crime, according to Sileo.

"That's the whole authority technique," he said. "Utilizing a combination of confidence and the perception of authority. It's such a simple example."

When it is time to pull off the theft, Crown hires a group of Romanian men who pose as a Trojan Horse of sorts by infiltrating one of the galleries and pretending to be guards. They cut off the air conditioning and claim to be there to clean the gallery, but are ultimately caught by the museum's official guards and a struggle ensues.

During a chaotic scene in which everyone is evacuated, Crown manages to slip a titanium briefcase under a security gate to prevent it from closing; he slides under the gate into a completely different gallery without being seen. Because of the distraction elsewhere he is able to steal the painting "San Giorgio Maggiore at Dusk" by Monet, valued at $100 million.

Dirty Rotten Scoundrels

Hadnagy describes Dirty Rotten Scoundrels as "another classic about two con men fighting for the right to stay in their territory."

The first confidence man, as one French police officer describes him, is an American named Freddie (Steve Martin) who poses as a wounded soldier in a wheelchair. Using this ploy to appear helpless and trustworthy, Freddie swindles money from female victims "for an operation for his grandmother."

The other, more sophisticated social engineer in the film is Lawrence (Michael Caine), who runs his cons in the finer hotels in Southern France and poses as a prince who needs funds "to free his enslaved people" or "to fight the communists."

Eventually they team up when Freddie begs Lawrence to teach him some of his ways and Freddie then plays the memorable part of Ruprecht, the prince's bizarre monkey-boy younger brother. ("Not Mother?") Lawrence cons money from female victims by proposing marriage, collecting funds, and only then introducing them to Ruprecht. Once the women meet Ruprecht, they break off the engagement, leaving their money behind and leaving Lawrence and Freddie to begin the scam all over again.

Catch Me If You Can

The movie is based on the life story of Frank Abagnale, known as one of .

While still just a teenager, Abagnale (Leonardo DiCaprio) runs away from home and manages to pose as a Pan Am pilot and scam thousands of miles of free flights around the world. While he's at it, he also cashes millions of dollars in forged checks from Pan Am.

Abagnale also successfully pretends to be a doctor and a teacher before he is ultimately caught by the FBI (years later).


Penetration testers before it became a common security career, Martin Bishop (Robert Redford) and his team are paid to break into companies that want to put their security to the test.

In one scene Martin and teammate Carl (River Phoenix) create a distraction at the front desk of a secure building. Carl, posing as a delivery person, insists he be let in to make a delivery; while he argues with the guard, an increasingly agitated Martin waits behind him posing as a father late for his daughter's birthday party being held upstairs. He eventually gets through by barking at the guard, still engaged in a fight with Carl, to "push the damn buzzer!"

Six Degrees of Separation

"The finest example" of a social engineering example in film, according to Sileo.

Inspired by the true story of con artist David Hampton, Will Smith plays Paul, a young man who manages to fool the wealthy New York City couple Ouisa and Flan Kittredge (Stockard Channing and Donald Sutherland).

Paul shows up at the Kittredges' Fifth Avenue home one night, bleeding and asking for assistance. He claims to be the son of actor Sidney Poitier, and also says he knows the Kittredges' children, two of whom attend Harvard University.

Paul is well-spoken, charming and a skilled cook. After some time, he wins the Kittredge family over. They lend him money and allow him to stay with them for the night. After the experience is over, the Kittredges are shocked to learn Paul is a con man who has scammed many other wealthy families in their social circle as well.

"He uses all kinds of techniques," said Sileo. "He appeals to their humanity, he charms them, he appeals to their sense of familiarity by claiming he met their son at Harvard, so it is obvious he did some background research. That's exactly what is happening on social networking now. But today, you don't have to walk up to an apartment to pull this kind of thing off. A person's association with others you know on a place like Facebook makes them seem trustworthy."

Copyright © 2012 IDG Communications, Inc.