People may be motivated by any number of reasons, sometimes performing an act because they feel they need to or because they truly do need to. The goals of a malicious social engineer can be compared to the goals of regular people in the workforce. Knowledge is powerful: the more you know, the easier it may be to succeed. Malicious social engineers share some of the same goals that an everyday Joe or Jane may have, with one difference: ethics.
Ethics are the base standards of what is good and bad within a society. If the society, as a whole, feels strongly enough that a behavior is bad, laws may be formed to prevent that behavior. Ethics are what separate the money-making goals of the everyday Jane or Joe from those of the social engineer, who is out to make money or a name by stealing knowledge and using it in an unauthorized fashion.
Dr. Max Kilger, co-author of the Honeynet Project, has identified six motivations for non-ethical computer activity. These motivators can also be applied to social engineering. The six motivators are: money, entertainment, ego, cause, entrance into a social group and status within that social group. Slides 80-87 in this presentation touch on this.
These motivations are similar in any society (for example, people want to make more money or be accepted into a social group). It is important to note that Dr. Kilger did not include some key motivations: knowledge, revenge and curiosity. Each of these motivators can be looked at as a goal of social engineering. The ultimate goal is information: the information needed to satisfy the aforementioned motivators.
Maslow’s Hierarchy of Needs
Figure 1 depicts the basic needs to survive at the bottom of the triangle. Esteem needs and self-actualization are at the top of the hierarchy. Although the original diagram has been updated, the researcher chose to include the diagram from the 1970s, since it includes the cognitive need for knowledge, a main motivator for criminal behavior.
Using this hierarchy, one can see that at the base of the pyramid is the most primal of needs: the need for food and drink. The basic life needs often cost some amount of money, which may be gained by social engineering. Each of the goals and motivators could be placed into the hierarchy of needs, though some needs may hold different positions for the social engineer. Self-actualization, or ego, esteem, status and cause, can be found at the top, or close to the top, of the pyramid. A key motivator can often be the need for recognition.
Social Engineering as a Protection
On the other hand, social engineering has become a very big part of penetration testing. In an attempt to help secure a company, or to help it see the dangers that lurk out in the business world, a professional social engineer will use the very same tactics as a malicious social engineer, but with one MAJOR difference: motivation. The professional social engineer may employ all the deceptive tactics and the covert technology, but the information they obtain is only reported, to help the company set policies and standards, as well as an education plan, so that its staff are aware of the threats out there.
Thus, being made aware can make the difference between success and failure in a social engineering attack. Some examples of professional social engineers:
The goals of a malicious social engineer can be compared to the goals of any criminal activity: knowledge, power, money, control, bragging rights, etc. Malicious social engineering with the purpose of data theft is like any other crime: it has a motive and a goal. If computer security personnel can brainstorm the reasons a social engineer might want to enter their system, along with a list of possible goals of that engineer, then preventative measures and training can be implemented.