What is 'framing' in the context of social engineering? This excerpt from Chris Hadnagy's new book explains. Excerpted from Chapter 6 of Social Engineering: The Art of Human Hacking, by Chris Hadnagy. Used by permission.For more advice drawn from Hadnagy’s experience, see Social engineering: 3 examples of human hacking.The principles outlined in this section are some of the deadliest influence tactics used today. These tactics can literally give a social engineer powers to motivate people, move them, and cause them to react in ways that will put them in the social engineer’s control.Remember that influence and the art of persuasion is the process of getting someone else to want to do, react, think, or believe in the way you want them to. Creating the motivation within a target is a powerful force; it is a social engineer’s superpower. The principles outlined in this chapter can make that superpower a reality, but not without consequence and lots of work. What do I mean by that? I have often found that after I practice a certain skill and become proficient at it, ‘turning it off’ is very hard. This trait may sound attractive, but being cautious when it comes to who you are influencing, especially as a social engineer, is a good idea. To ingrain these skills into your personality, use them for helping others. For example, when you start to practice reading microexpressions and even using them to manipulate a target, the initial response might be to think you have some mystical power that allows you to almost read minds.This is where caution is wise. Practice the skill and work toward perfecting it, but don’t assume you know it all. If you can influence someone to stop smoking, to start working out, or to be healthier, then you will learn to tap into these skills at will to benefit others, and using them in your social engineering practice is not a farfetched idea.Many of these skills require you to actually be interested in people, care about them, and empathize with them. If these are not natural abilities for you, then you must work hard to obtain those skills. I urge you to take that time, because the skills in the preceding section can lead you to being a grand master social engineer.Imagine you could alter what you think to the extent that gaining these skills could be easier. Imagine now, too, if you could alter the thinking of your targets so what they experience is exactly what you want them to experience. Literally altering the reality of those you interact with, including yourself, is the next topic, and it will just blow you away.Altering reality: FramingFraming has been defined as information and experiences in life that alter the way one reacts to the decisions one must make. From a nonsocial engineer point of view, framing is your own personal experiences and the experiences of others that you allow into your conscious mind to alter the way you make decisions.Grocery stores use framing by putting “75% lean” on a package of ground meat as opposed to “25% fat.” These terms mean the same thing (both have 25% fat content) but one sounds healthier and is more appealing to the buyer, and that is why stores use 75% lean as opposed to labeling the actual fat content.The preceding example is simple, but it is also one that helps to show the power of framing. Simply presenting the facts in a different way can make something seem good that would normally be considered bad. The following sections look at a few areas where framing is often used so you can see how powerful it is.PoliticsFraming has long been used in politics. Simply the way campaigns or messages are worded can make a huge difference in the way the public perceives a message.Consider, for example, George Lakoff, a professional cognitive linguist. In an interesting observation on framing in politics, he states the difference in how people perceive the use of the phrases “Counterterrorism as law enforcement” versus “Counterterrorism as war.” When the 9/11 attacks occurred, Colin Powell argued that they should be treated as crimes. When the public demanded more action and stricter policies, then President Bush announced the “War on Terror” campaign.Another example is the Social Security program in the United States. The name implies the program can be relied upon to provide security for the future. Yet another example is the difference in the terms bailout versus economic stimulus. Bailout met with lots of opposition because it can paint a word picture of bailing water out of a sinking boat. But economic stimulus paints the mental picture of helping the economy by stimulating the economy. Both programs did almost the same thing, but simple wording made the latter more acceptable. Related content news FBI probes into Pennsylvanian water utility hack by pro-Iran group Federal and state investigations are underway for the recent pro-Iran hack into a Pennsylvania-based water utility targeting Israel-made equipment. By Shweta Sharma Nov 29, 2023 4 mins Cyberattacks Utilities Industry feature 3 ways to fix old, unsafe code that lingers from open-source and legacy programs Code vulnerability is not only a risk of open-source code, with many legacy systems still in use — whether out of necessity or lack of visibility — the truth is that cybersecurity teams will inevitably need to address the problem. By Maria Korolov Nov 29, 2023 9 mins Security Practices Vulnerabilities Security news Amazon’s AWS Control Tower aims to help secure your data’s borders As digital compliance tasks and data sovereignty rules get ever more complicated, Amazon wants automation to help. By Jon Gold Nov 28, 2023 3 mins Regulation Cloud Security news North Korean hackers mix code from proven malware campaigns to avoid detection Threat actors are combining RustBucket loader with KandyKorn payload to effect an evasive and persistent RAT attack. By Shweta Sharma Nov 28, 2023 3 mins Malware Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe