2nd International Seminar on Lingustic,

West Sumatra 22-23 August 2015

The Language of Social Engineering:

From Persuasion to Deception
Handoko1 and Dwi Anggreini Waskito Putri2
1 Dharma Andalas University, handzain@yahoo.co.id
2 Padang State University, dwi2orchid@yahoo.com

ABSTRACT
Security is one of the most important aspect in information technology era. Many service
providers have put their effort in developing secure system for information technology service.
Yet, in many cases the vulnarabilities are not in the system but in human side as a user.
Psychological aspect of human is the most vulnarable in security since it can be manipulated,
decived, and influenced. Social engineering is one of the most prominent technique in
infulencing and manipulating human psychology and thought which is delivered through
language. This research is amed at analysing the advertisment, pop-up, and fake email that used
as medium for social engineering. The data are taken from internet which indicate fake
information. The analysis is focuses on the linguistic features and sign used in the data. The data
are analysed by using pragmatic identity method and referential identity method. The result of
analysis shows that the deciever violates maxim quality in delivering the massage. Beside, the
result also shows that the deciver develop mental space by employing several main issues for
attracting target attention, they are sexual interest, financial interest, religious interest, and
gaming interest.
Key Words: social engineering, persuasion, deception, mental space

1. INTRODUCTION

Social engineering is widely used by everybody in everyday live. It happens in

any level of human life, it happens in government or small business marketing, or in
daily activities. As a technique in communication, social engineering can be used in
good or evil way. Cambridge Dictionary defines social engineering as the artificial
controlling or changing of the groups within society. In further and practical definition,
social engineering is the act of manipulating or deceiving a person to take an action that
may or may not be in the targets best interest. This may include obtaining
information, gaining access, or getting the target to take certain action. It is used in the
way teachers interact with their students, in the way doctors communicate to the
patient, lawyers convice the judge, or psychologists obtain information from their
clients. It even used by man to convice their partner in love. In short, social engineering
is a social and psychological phenomenon that involves human interaction from babies
to politicians and everyone in between.
As a technique in interpersonal interaction, social engineering is not just single
and spontaneous action but it covers collection of the action which includes planing,
frameworking, and executing the action. Many people bealive that social engineering is
more than action but it is art in manipulating.
1

2. METHOD
The data are taken from internet that contain information for persuding people
such as pop-up, banner-ad, and email. The data are coleected by using observational
method by employing note taking technique. Then the data are analysed by using
pragmatic identity method and referencial identity method. The reasearch is aimed at
figuring out the language strategy used by the deciever to gather information from the
target.
Studying and analyzing social engineering is not as simple as it looks. Since it
deals with human, who are complex and complicated, social engineering involves
several studies including linguistics, semiotics, communication, and psychology. In this
reseach, the analysis is focused on linguistic and semiotic aspect of social engineering.
However, in understanding the meaning of the data, some communication an
psycological concepta are also used to figure out the relationship between language and
deception.

Persuasion and Deception in Perspective of Linguistics.

The main goal of social engineering is to get someone to do something. There
fore, it begins with persuasion and ends up with deception. According to The
Cambridge English Dictionary, persuasion is the action of persuade, where persuade
is defined as to make someone do or believe something by giving them a good reason to
do it or by talking to them and making them believe it. While deception is come from
deceive which is defined as to persuade someone that something false is the truth; to
keep the truth hidden from someone for your own advantage; to trick. In short,
persuasion and deception deal with truth, fact, and lying.
In relation to these concept, Wierzbicka (2006), places central importance on the
evolution of the semantics of truth, fact and lying within Anglo culture. She notes
that truth and fact were often seen as synonymous, but the general acceptance of
cultural and societal white lies has led to her conclusion that:
this is not to say that lying is no longer regarded in Anglo culture as something
bad, but the meaning of lying appears to have changed roughly from saying,
intentionally, something untrue to saying, intentionally, something untrue and
presenting it as information about facts (p. 45).
By the definition above, deception is act involving linguistic manipulation including
semantic, pragmatic, discourse. Wierzbicka constructs a semantic explication for
lying which is closely related to the notion of deceiving. Thus,
When X said it X was lying. =
a. X said something like this: I want you to know that Z to someone
b. X knew that Z was not true
c. X wanted this someone to think that Z was true.
(Wierzbicka 2006:45)

Wierzbickas semantic explication relies on truth conditions, which dealing with the
nature of truth in human language production. The truth value of a sentence is whether
or not the sentence is true in the actual world.
In term of pragmatic, deception can be seen from Grice concept of converstional
implicature which focusing on cooperative principle Make your a conversational
contribution such as is required, at the stage at which it occurs, by the accepted purpose
or direction of the talk exchange in which you are engaged (Grice, 1975). Furthermore,
Grice elaborates the principle by providing four maxims: quality (truthfulness), quantity
(informativeness), relation (relevance) and manner (clarity). Grice concludes that in
order to gain truthfulness, people need to maintain the maxim. In other words, it can be
assumed that verbal and textual relationships with others need to maintain acceptable
standards of truthfulness. In fact, real communication is frequently violate the maxim
for various reason, including politeness and for manipulation. In many cases, deception
is based on the violating the maxim. The foundation of deception deals with the
potential victims assumption of truth. Having established this foundation by simply
opening the conversation, the deceptor then manipulate the quality maxim as well as the
remaining maxims to their advantage. Moreover, the speech act theory (Austin, 1962)
and politeness strategy are also important to be analyzed. Since the language is consider
as an action, then the the uttererance itself are consist of three types of action, they are
locutionary (lingusitic feature), illocutionary (meaning or intention), and perlucutionary
(effect of utterence). In manipulating people, the speaker has to frame the target through
series of truth that lead the target to believe in the primary intention.
Furthermore, the concept of mental spaces that proposed Fauconnier will help to
understand the relation on language and deception. Fauconnier defines mental spaces as
constructs distinct from linguistic structures but built up in any discourse according to
guidelines provided by the linguistic expressions (Fauconnier, 1994:16). Deception
deals with mental aspect of the targets which deliver through discourse concerning to
the certain issue, such as the detail information, problem, and virtue of the target. In
other word, the deceiver develops mental space which may influence target.
3. DICUSSION
As mention earlier that many people belive that persuasion is an art which
includes organized actions from information gathering to execution. Information
gathering is the first step that should be done carefully in order to get as much data as
possible concerning to the target. The deciver should know about detail information
such as personal information, abality, interest, job, etc. Beside, the deciver also need to
provide information from third party that can be used to decive the target. For example,
when deciever want to abaout someone, he or she may find information about third
party, such as a company or institution, then gather information concerning to what the
company do, the product or service of the company, location of the company, job
openings, contact number, executive board, mailing adress convention, and other
information that can be used to persuade or convince the target. All of these
informations are important which may help other to conduct further action to exploit the
target. In the active attack in which the deceiver has to lead the target into certain action,
the deceiver has to make the action as real as it is. Below are several example of
medium that the social engineer uses to gather information about the target.
The following ads is one of the data that shows how deciever gather information
about the target:
3

The picture above is a pop-up which appears when someone visit certain website
or click a certain botton in a web page. The picture is claiming that the visitor is
winning amount of money. To analyze the advertisement above, it can be divided into 3
parts:
Structure
Claim
Congratulation! You Won! You Won!
You Won!

Comment
The part is an oppening message which disigned
with big and bold font. The utterance is tell the
visitor that he/she has won amount of money. The
sentence is designed with simple and atractive
structure. The deciver uses imperative sentences
that directly pointed to the target.

Claim Your Prize Award Now Up To

$2.087.56. You are a Guaranteed Winner The second line is highlighted with yellow color
and provides detail further information about
of: $2.087.56 cash, $50 SkyAuction amount of money and the source of the prize.
Saving Certificate or $10.00 Cash

Profiling
Where do You Want Us to Send Any The second part is profiling section which direct
the target to fill up the form. This part is the main
Prizes You Win?
part and can be considered as the intention of the
Your prize notifications and FreeLotto
entry confirmation, daily results and
sponsor advertising messages will be
sent will be sent only by FreeLotto.

deciver in order to gather information about target

personal information. Here the deciver use
politeness strategy by not directly asking the target
about his/her personal information. The deciver
uses interogative sentence by offering benefit for
the target. The utterance Where do you want us to
send any prize you want? can be infered that the

YOUR EMAIL ADDRESS WILL NOT speaker want to know about the detail information
of the target.
BE SHARED WITH ANYONE
The next line consist of information that will
ensure the target has special concern of company
service. This utterance is used for further folow up
or deliver further action that target need to do to
claim their prize. By doing so, the deciver ensure
that they have target trust and make sure that all
information they send in the target email is true.
The last line of second part is statement that the
speaker or deciver will not share the personal
information of the target to other. This is important
statement in order to make sure that the target
believe about their security and privacy. However,
the utterance has implication that the speaker is
intended to say that their company is trustworthy.

Approval
The last part of the ads is the approval part that
provide information about term and condition for
the privacy and policy. This information is mention
in long sentence. Generely, people in internet are
rarely read the privacy policy. It delivers in long
sentence in order to make target confuse and
neglect the policy. By doing so the deciever make
sure that the target ignore the information and
conduct the following action.

Official Rules and FreeLotto Privacy

Policy
.
By clicking on click to release your
winning below, I acknowledge that I
have read Sweepstake Rules & FreeLotto
Term of Use Agreement and agree to be
bound by it.
The next line is confirmation that the offer from the

speaker that they will awarded the target with

amout of money by clicking the button. Here the
speaker enforce the target to push the button. In
fact the button is directed the target to further
information gathering process and many cases the
button is linked for downloading malware, visus,
and trojan which may be used for further
explotation.

After you process your claim you will

have joined FreeLotto where youll get a
free chance to winning over $11 million
in daily prizes. We,ve already awarded
over $93 million in prizes, and you can
become our next millionaire!
The last line is convincing part which provide the
Approval stamp

target with official and approval stamp. This is due

to give mental image for the target that the
notification is legal and true.

The analysis above shows that the deciver uses persuasive language by applying three
layes. First is claim part which aim at catching target attention with imperative sentence and big
bold font. The deciever uses imperative sentence as a direct statement that will lead the target to
exciting feeling. The deciver also apply repetition technique in order to enforce the meaning. By
applying Fauconniers theory, it can be seen that repetition will create mental space to

the target mind. The actual truth conditions exist within the mental space constructed by
the language used in ads. The decievers communicative skill aim to construct the
mental space through discourse in such a way that can be accepted by the target as the
actual world or convincing truth. In order to convince the target, the deciver provides
details including policy, the prize that has been awarded to the winner, and official
signiture and stamp.
5

By analyzing the ads carefully, it can be infered that the main intention of the
deciver is not to exploit the target yet. The fist part of the ads is the attention catcher
which create mental attention in the targets mind. The next part is profiling which will
gather target personal information. This information will be used for the next attact
either by using fake email or using the information for password cracking, hacking
social media account, or sending pornographic link.
Furthermore, button also has important role in directing target to further attack.
The site that the button jumps will drive the target to has the malicious code, virus,
malware, or trojan. These dangerous codes will be injected to the computer of the target
or embeded to browser. By doing so, the diceiver makes sure that they have full access
to the target or victim. It can be seen in the ads that button is designed with simple
directive sentence Click to Release Your Winning. By using pragmatic analysis, the
meaning and the intention of the deciever can be discovered.
Locutionary act : Click to Release Your Winning
Illocutionary act : Give us your personal information and password
Perlocutionary : The target give their personal information and password
Here, the deciever violates maxim quality which can be indicated from the truth
condition. The button is not for claiming the prize but for lead the target to register or
sign up for a site. If the target clicks the button and provide their personal information,
the deciver will harvest the information concerning to email, password, phone number,
address, and other important information. The target realize that the offer is limited, so
they would click on it soon as they get pop-up ads, which more than likely is at work.
The following email is one of the further social enginering method that the deciver uses
to manipulate the target.

Analyze that email. First, it contains an offer that would attract the present

These email is recived by the target when they register or signed up for the website.
This email is used to direct the target providing detail information and make sure that
the the target has been convincing by the ads. Here, the deciver makes series of action
and persuasion to gather information of the target or victim.

After analysing the data, it can be found there are main issues used to pesuade
and decieving the targets, among other issues are related to:
1. Sexual interest
2. Financial interest
3. Religious interest
4. Gaming interest
These are four main issues used by the deciever to gather information and to exploit the
victim source and security.
4. CONCLUSION
Language is powerful tool to influence people. It can be used for good way or evil
way. The reseacrh shows that language can be used as a tool to exploit people and
taking adventage of the victim vurbarabilities. Social engineering is language skill to
find or discover people weakness and then use it to taking advantage from the victim.
The deciver violates the truth condition ot maxim in order to develop mental space in
target mind and make them accept the truth that the deciver send. There are several
issues that used by the diciver to exploit victim, they are sexual interest, financial
interest, religious interest, and gaming interest.
REFERENCE
Austin, John L., (1962). How to Do Things with Words. Harvard: Hardvar University
Press.
Bilgrami, Akeel. (1992). Belief and meaning: the unity and locality of mental content.
Cambridge: Blackwell Publishers.
Boush, David M., Marian Friestad, AND Peter Wright. (2009). Deception in the
marketplace : the psychology of deceptive persuasion and consumer self
protection. New York: Routledge.
Cull, Nicholas J., David Culbert, and David Welch. (2003). Propaganda and Mass
Persuasion: a Historical Encyclopedia. 1500 to the present. ABC-CLIO:
California.
Ekman, Paul. (2003). Unmasking the face. Malors Book: Cambridge.
Fauconnier, Gilles. (1994). Mental Spaces: Aspects of Meaning Construction in Natural
Language. Cambridge: Cambridge University Press.
Grice, Paul. (1975). Logic and Conversation. In Cole, P., and J.L. Morgan, eds. Speech
Acts. New York: Academic Press, 4158).
Hadnagy, Christopher. (2011). Social Engineering: The Art of Human Hacking.
Indianapolis: Wiley Publishing.
Hogan, Kevin. (1996). The psychology of persuasion : how to persuade others to your
way of thinking. Louisiana: Pelican Publishing Company.
Pietarinen, Ahti-Veikko (ed). (2007). Game Theory and Linguistic Meaning. Elsevier:
Amsterdam.
Richard Bandler and John Grinder. 1975. The Structure of Magic. Science and Behavior
Books: California.
Wierzbicka, Anna. (2006). English: Meaning and Culture. Oxford: Oxford University
Press.