What is 'framing' in the context of social engineering? This excerpt from Chris Hadnagy's new book explains. Excerpted from Chapter 6 of Social Engineering: The Art of Human Hacking, by Chris Hadnagy. Used by permission.For more advice drawn from Hadnagy’s experience, see Social engineering: 3 examples of human hacking.The principles outlined in this section are some of the deadliest influence tactics used today. These tactics can literally give a social engineer powers to motivate people, move them, and cause them to react in ways that will put them in the social engineer’s control.Remember that influence and the art of persuasion is the process of getting someone else to want to do, react, think, or believe in the way you want them to. Creating the motivation within a target is a powerful force; it is a social engineer’s superpower. The principles outlined in this chapter can make that superpower a reality, but not without consequence and lots of work. What do I mean by that? I have often found that after I practice a certain skill and become proficient at it, ‘turning it off’ is very hard. This trait may sound attractive, but being cautious when it comes to who you are influencing, especially as a social engineer, is a good idea. To ingrain these skills into your personality, use them for helping others. For example, when you start to practice reading microexpressions and even using them to manipulate a target, the initial response might be to think you have some mystical power that allows you to almost read minds.This is where caution is wise. Practice the skill and work toward perfecting it, but don’t assume you know it all. If you can influence someone to stop smoking, to start working out, or to be healthier, then you will learn to tap into these skills at will to benefit others, and using them in your social engineering practice is not a farfetched idea.Many of these skills require you to actually be interested in people, care about them, and empathize with them. If these are not natural abilities for you, then you must work hard to obtain those skills. I urge you to take that time, because the skills in the preceding section can lead you to being a grand master social engineer.Imagine you could alter what you think to the extent that gaining these skills could be easier. Imagine now, too, if you could alter the thinking of your targets so what they experience is exactly what you want them to experience. Literally altering the reality of those you interact with, including yourself, is the next topic, and it will just blow you away.Altering reality: FramingFraming has been defined as information and experiences in life that alter the way one reacts to the decisions one must make. From a nonsocial engineer point of view, framing is your own personal experiences and the experiences of others that you allow into your conscious mind to alter the way you make decisions.Grocery stores use framing by putting “75% lean” on a package of ground meat as opposed to “25% fat.” These terms mean the same thing (both have 25% fat content) but one sounds healthier and is more appealing to the buyer, and that is why stores use 75% lean as opposed to labeling the actual fat content.The preceding example is simple, but it is also one that helps to show the power of framing. Simply presenting the facts in a different way can make something seem good that would normally be considered bad. The following sections look at a few areas where framing is often used so you can see how powerful it is.PoliticsFraming has long been used in politics. Simply the way campaigns or messages are worded can make a huge difference in the way the public perceives a message.Consider, for example, George Lakoff, a professional cognitive linguist. In an interesting observation on framing in politics, he states the difference in how people perceive the use of the phrases “Counterterrorism as law enforcement” versus “Counterterrorism as war.” When the 9/11 attacks occurred, Colin Powell argued that they should be treated as crimes. When the public demanded more action and stricter policies, then President Bush announced the “War on Terror” campaign.Another example is the Social Security program in the United States. The name implies the program can be relied upon to provide security for the future. Yet another example is the difference in the terms bailout versus economic stimulus. Bailout met with lots of opposition because it can paint a word picture of bailing water out of a sinking boat. But economic stimulus paints the mental picture of helping the economy by stimulating the economy. Both programs did almost the same thing, but simple wording made the latter more acceptable. Related content news Okta launches Cybersecurity Workforce Development Initiative New philanthropic and educational grants aim to advance inclusive pathways into cybersecurity and technology careers. By Michael Hill Oct 04, 2023 3 mins IT Skills Careers Security news New critical AI vulnerabilities in TorchServe put thousands of AI models at risk The vulnerabilities can completely compromise the AI infrastructure of the world’s biggest businesses, Oligo Security said. By Shweta Sharma Oct 04, 2023 4 mins Vulnerabilities news ChatGPT “not a reliable” tool for detecting vulnerabilities in developed code NCC Group report claims machine learning models show strong promise in detecting novel zero-day attacks. By Michael Hill Oct 04, 2023 3 mins DevSecOps Generative AI Vulnerabilities news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe