There is no real answer to that question; a social engineer can look like anyone, because a social engineer is just a con artist.
It’s not unusual to flip on the TV and see a variety of characters on popular shows and movies employing both technical and non-technical tricks to get people to do what they want, whether it’s giving them access to a restricted area or turning over lots of cash.
In fact, social engineering has been going on for years. Con men existed in ancient Egypt, Greece and Rome; they’ve been around forever. In the 19th century, we called them Snake Oil Salesmen.
One of the most famous social engineers of the 20th century was Frank Abagnale, Jr. His social engineering skills were so good that he conned people out of more than two million dollars in the 1960s when he was just sixteen years old!
The modern computer age’s equivalent of Abagnale would be Kevin Mitnick. At age 12, he used social engineering to bypass the Los Angeles bus system’s punch-cards so he could ride for free. At 16, he used social engineering to break into Digital Equipment Corporation’s computer network to steal their software (a crime he was convicted of in 1988). He later hacked into Pacific Bell’s voicemail system and became a federal fugitive for two and a half years. According to the U.S. Dept. of Justice, he used his con skills to gain unauthorized access to dozens of computer networks while he was on the lam.
As we mentioned, pop culture shows us a lot of great examples of social engineering – from The Sting, Matchstick Men and the Ocean’s 11 movies, to sly detectives on TV such as Veronica Mars, Simon Baker and Sherlock Holmes. We see tons of social engineering examples in popular shows such as Dexter, Leverage, Better Call Saul, and Mr. Robot.
Social engineers can be criminals from anywhere in the world, representing organized crime or just a small one- man operation. They can be black hat hackers, nation-states attacking our critical infrastructures (such as our financial system), or even terrorist groups with both financial and other agendas.
Social engineers in pop culture.
The Music Man
Harold Hill, a traveling con man convinces the locals of River City to start a band for the local kids by purchasing uniforms and instruments from him. He plans to leave town as soon as everyone pays. But the local librarian, Marian, suspects he might be a fraud, and his developing romantic feelings for her get in the way of his plan. The security aware Marian the Librarian stopped the social engineer before he swindled her neighbors out of hard-earned cash!
Catch Me if You Can
The true story of Frank Abagnale, Jr., one of the most successful con artists of all time, includes too many excellent examples of social engineering to count. Our favorite? Posing as a Pan Am pilot for two years during his teens, flying over 1,000,000 miles to 26 countries by deadheading.
You may have already seen the film version starring Tom Hanks and Leonardo DiCaprio, but we recommend reading the original memoir for more details and further insight into his creatively illegal antics.
Live Free or Die Hard
While this movie shows the catastrophic effects of a cyber terrorist attack on America’s critical infrastructure, it also contains an excellent example of social engineering. John McClane and Matt Farrell, a hacker being targeted by the bad guys, need a car. McClane offers to hotwire one but Farrell has a better idea: he calls the vehicle’s monitoring service, using the pretext of being a teen whose father is having a heart attack and needs the car to be started remotely. He bypasses the need for the password by emphasizing the emergency and avoids the possibility of a remote shut down, should the car detect the hotwire attempt.
Dirty Rotten Scoundrels
Lawrence, suave and erudite, cons corrupt rich people out of their money to live a lavish lifestyle, while Freddy, charmingly arrogant, just tries to score a free meal. They go to great lengths to dupe Janet, an heiress, into giving them $50,000 until they find out she’s not an heiress at all but a contest winner. In the end, she turns out to be the better social engineer, conning them out of their own money. They say, “It takes one to know one,” but in the case of social engineers, we hope you can spot a con without being a con artist yourself!
The plot of this film introduces the complexity of planting an idea in someone’s mind–referred to as “inception.” Just like in many movies about cons, the main character, Dom Cobb, is
a thief given a chance at redemption by reversing his criminal behavior. This mind-bender plays with an ethical question: can social engineering, which is usually used for crime and subterfuge, be justifiable when trying to stop a bad company from destroying the world?
Social engineering and you.
We never know who is out to scam us or con us, and we can’t tell just by looking at them. We have to use common sense, maintain a healthy dose of skepticism and develop our internal scam detector. This is only way to avoid becoming a victim. It’s important to remember that social engineering works because it hacks the human, not a computer.