Social-Engineer LLC is proud to celebrate its fifteenth year of success in the information security (InfoSec) industry. Founded in 2010 by CEO Christopher Hadnagy, the company specializes in applying its patented and scientifically verified process to train and educate customers against the growing danger of InfoSec attacks like phishing, vishing (voice phishing), SMiShing (SMS phishing), and physical infiltration. Their services range from providing simulated attacks to tiered training courses in protecting individuals, corporations, and institutions.
After being expelled from college when he attempted an experimental war-dialing program, Chris Hadnagy explored a wide variety of careers before he settled on his true passion in InfoSec services. When he founded Social-Engineer, Chris built a process so unique in its ability to effectively raise security awareness that he patented it before sharing his services with the world.
This methodology was constructed by his observations of how scammers have operated throughout history. Chris uses the example of Victor Lustig, the only man to have scammed Al Capone and lived to tell the tale. The con that brought him fame was selling the Eiffel Tower – which was not for sale at the time – at least twice. Lustig used the principles of social engineering before the name was coined. “Reading the different strategies that conmen used, the biggest commonality was their ability to exploit fear,” explains Chris.
Chris has developed an extensive albeit informal education in behavioral psychology during his time in the industry. In fact, he was the first to formally define social engineering in his first book Social Engineering: The Art of Human Hacking. His second book – Unmasking the Social Engineer: The Human Element of Security – was co-authored by the pioneering psychologist of human facial expression, Dr. Paul Ekman. Chris’ intimate pedagogy of the ins and outs of social engineering lies behind his methodology. “Fear triggers the amygdala and shuts down your frontal cortex,” Chris explains, “When that happens, you no longer can make rational decisions, and start acting from your limbic system. So, when you pick up the phone and someone’s fear-based threats to get very personal or financial information, you end up giving up with little resistance.”
Other biases he has demonstrated can be easily exploited in the field is the average individual’s assumption that women are trustworthy and unthreatening. Before Chris established the social engineering industry, InfoSec was a male-dominated field. Industry conferences would employ women merely to stand in front of displays and hand out corporate swag, known as ‘booth babes.’ Social-Engineer was among some of the leading companies to demonstrate that women are extremely talented at infiltrating security systems – both through corporate buildings and through the phone – due to implicit biases.
For example, one successful ‘pretext’ they used in their simulated vishing attacks was an employee in labor. “Our brilliant callers would call a client’s employee claiming that she was about to give birth, and if she didn’t get the account password changed, no one would get paid. She would pretend to go into labor on the call, and this manufactured sense of scarcity and time constraints would stress the person on the other end out so much that, even with resistance, they cave and change the password,” Chris recalls.
One of the reasons that Chris was effectively the founder of the social engineering industry was the blurry legality of using manipulative techniques for simulated attacks. As a result, Social-Engineer’s ethical code of conduct was carefully developed. “Manipulating fear and exploitation is certainly difficult to make ethical, but our methods only utilize pretexts that adds pressure that does not threaten the employees livelihood or well-being,” he explains.
Since its patented phishing process in 2010, Social-Engineer has also instituted its original Instant Vishing Education System (IVES) as its post-attack protocol. Social-Engineer’s simulated attacks aim not to catch people in their vulnerabilities, but to educate them to report suspicious activity.
During these last fifteen years, Social-Engineer has established itself as a leading company in InfoSec through its mass-vishing programs, making thousands of monthly calls to seek out and educate clients on the vulnerabilities of their organizations. Chris Hadnagy has released several other books since his first bestseller. His latest book goes beyond the InfoSec industry. Human Hacking: Win Friends, Influence People & Leave them Better Off for Having Met You, is a transformative guide that reveals how to ethically influence others using psychological insights, helping you build genuine relationships that positively impact everyone you meet.
Additionally, they have launched a three-tiered training course on ethical social engineering.The Foundational Application of Social Engineering (FASE) course is open to everyone and educates students on the psychology of human decision-making. Following their foundational course, the Practical Application of Social Engineering (PASE), the students learn how to plan, develop and launch real-life attacks against actual targets. Finally, for those who have been successful in previous courses, Social-Engineer provides its certified Master’s Level Social Engineering course (MLSE) which is a 5-day live social engineering and red team course. Higher level courses involve interactions with unknowing participants and compelling storylines for students to test their skills in real-life contexts.
Social-Engineer aims to lead the industry even further into effectively protecting customers against an evolving underworld of information security attacks. Currently, the company is using their database of vishing attacks to train an AI model to accurately detect deception in hybrid cybersecurity attacks. As Chris explains, “We use the technology that bad guys are using to hurt us, to help us. We will continue to grow in our abilities to educate people on effective security awareness.”
Media contact:
Name: Amanda Marchuck
Email: [email protected]
