Social-Engineer LLC is proud to celebrate its fifteenth year of success in the information security (InfoSec) industry. Founded in 2010 by CEO Christopher Hadnagy, the company specializes in applying its patented and scientifically verified process to train and educate customers against the growing danger of InfoSec attacks like phishing, vishing (voice phishing), SMiShing (SMS phishing), and physical infiltration. Their services range from providing simulated attacks to tiered training courses in protecting individuals, corporations, and institutions.
After being expelled from college when he attempted an experimental war-dialing program, Chris Hadnagy explored a wide variety of careers before he settled on his true passion in InfoSec services. When he founded Social-Engineer, Chris built a process so unique in its ability to effectively raise security awareness that he patented it before sharing his services with the world.
This methodology was influenced by his observations of how scammers have operated throughout history. Chris uses the example of Victor Lustig, the only man to have scammed Al Capone and lived to tell the tale. The con that brought him fame was selling the Eiffel Tower – which was not for sale at the time – at least twice. Lustig used the principles of social engineering before the name was coined. “Reading the different strategies that conmen used, the biggest commonality was their ability to exploit fear,” explains Chris.
The behavioral psychology behind social engineering attacks
Chris has developed an extensive albeit informal education in behavioral psychology during his time in the industry. In fact, he was one of the first to formally define social engineering in his book Social Engineering: The Art of Human Hacking. His second book – Unmasking the Social Engineer: The Human Element of Security – was co-authored by the pioneering psychologist of human facial expression, Dr. Paul Ekman. Chris’ intimate knowledge of the ins and outs of social engineering lies behind his methodology. “Fear triggers the amygdala and shuts down your frontal cortex,” Chris explains. “When that happens, you no longer can make rational decisions, and start acting from your limbic system. So, when you pick up the phone and someone’s fear-based threats to get very personal or financial information, you end up giving up with little resistance.”
One successful ‘pretext’ they used in their simulated vishing attacks was an employee in labor. “Our brilliant callers would call a client’s employee claiming that she was about to give birth, and if she didn’t get the account password changed, no one would get paid. She would pretend to go into labor on the call, and this manufactured sense of scarcity and time constraints would stress the person on the other end out so much that, even with resistance, they cave and change the password,” Chris recalls.
Chris became a leader of the social engineering space by resolving the blurry legality of using manipulative techniques for simulated attacks. Chris and Social-Engineer carefully developed an ethical code of conduct that’s been widely implemented. “Manipulating fear and exploitation is certainly difficult to make ethical, but our methods only utilize pretexts that add pressure that does not threaten the employee’s livelihood or well-being,” he explains.
Since introducing its patented phishing process in 2010, Social-Engineer has also instituted its original Instant Vishing Education System (IVES) as its post-attack protocol. Social-Engineer’s simulated attacks aim not to catch people in their vulnerabilities, but to educate them to report suspicious activity.
Social-Engineer: A rise to prominence within the InfoSec industry
During these last fifteen years, Social-Engineer has established itself as a leading company in InfoSec through its mass-vishing programs, making thousands of monthly calls to seek out and educate clients on the vulnerabilities of their organizations. Chris Hadnagy has released several other books since his first bestseller. His latest book goes beyond the InfoSec industry. Human Hacking: Win Friends, Influence People & Leave them Better Off for Having Met You is a transformative guide that reveals how to ethically influence others using psychological insights, helping you build genuine relationships that positively impact everyone you meet.
Additionally, they have launched a three-tiered training course on ethical social engineering. The Foundational Application of Social Engineering (FASE) course is open to everyone and educates students on the psychology of human decision-making. Following the foundational course, in the Practical Application of Social Engineering (PASE) course, students learn how to plan, develop, and launch real-life attacks against actual targets. Finally, for those who have been successful in previous courses, Social-Engineer provides its certified Master’s Level Social Engineering course (MLSE), which is a 5-day live social engineering and red team course. Higher-level courses involve interactions with unknowing participants and compelling storylines for students to test their skills in real-life contexts.
Social-Engineer aims to lead the industry even further into effectively protecting customers against an evolving underworld of information security attacks. Currently, the company is using its database of vishing attacks to train an AI model to accurately detect deception in hybrid cybersecurity attacks. As Chris explains, “We use the technology that bad guys are using to hurt us, to help us. We will continue to grow in our abilities to educate people on effective security awareness.”