Luna's Reading Notes | Human Hacking

May 20, 2021 · 3701 characters · 8 min read

0. Preface


Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You


Goodreads rating: 3.75/5, published in January 2021.

Christopher Hadnagy is an American author, IT entrepreneur and information security consultant who has written a series of books on social engineering.

Social Engineering

The book introduces ethical social engineering: using human nature and people's psychology to reach the goal you want (the good kind of goal).

Luna says

The term "social engineer" actually carries a negative connotation, since nobody wants to be used by someone else. But I think learning a bit about social engineers' techniques can also help us recognize people with ill intent and keep our own information from being leaked.

Employ these tactics with compassion, not for the sake of manipulation!

1. Use influence well

Ethical social engineering aims for a win-win outcome; "leave others better off for having met you" is the result we want to achieve.

Unlike ethical human hacking, criminal hacking involves preying on people’s emotions to compel compliance, regardless of how negatively it affects them. But when you apply social engineering ethically, it enables others to feel happier about themselves by giving you what you want, as in the case of the airline attendant. It’s a win-win situation.

2. Know your own communication style: DISC

Before hacking anyone else, we first have to understand our own communication style and habits; the author recommends the DISC model.

Master your own communication tendencies before assessing others.

The DISC model sorts people into four types:

  • Dominant: confident and results-oriented
  • Influencer: enthusiastic collaborators
  • Sincere: calm and supportive
  • Conscientious: organized and factual

Two questions help you place yourself:

  1. In social encounters, are you usually people-oriented or results-focused?
  2. In conversations, do you prefer to be direct or indirect?

If you put results first and prefer direct communication, you are probably a D or an I;

conversely, if you put people first and prefer indirect communication, you are probably an S or a C.

For example, an Influencer type may always be talking about their own feelings. If so, try spending the next week holding back the urge to talk about yourself, and notice which situations bring on that urge, so you can find the trigger.

You can also work out the DISC type of the important people around you and adjust how you communicate with them based on their type.

No matter your end goal, adjusting your communication to others’ needs improves your chances of success.

3. PREPARE Framework

Before a conversation you need a pretext. This word is hard to translate in the social-engineering context, so I explain it as: a carefully prepared context.

pretext: a reason given in justification of a course of action that is not the real reason (an excuse, a cover).

Create effective pretexts to skew conversations to your advantage.

Seven steps to create a pretext

Pretexting involves considering others’ needs to create an advantageous context for the encounter. To pretext effectively before any conversation, the author offers a simple seven-step framework that’s easy to remember with the acronym PREPARE.

P: Problem you need to solve

R: Result you seek

E: Emotional atmosphere of the conversation you want

P: Necessary provocation to generate the emotions

A: Activate your pretext

  • This involves clarifying the pretext of the interaction to yourself. In this interaction, your pretext might be “attentive and helpful parent.” All subsequent actions should align with this pretext.
  • Like profiling, pretexting is above all about trying to grasp how others tick, and about reaching a consensus that leaves both of you better off than before the conversation.

R: Render: the delivery of your message; where, when and how to approach your subject

E: Evaluate whether every step in the PREPARE framework aligns with your expectation of this conversation

4. Build good rapport with others

Build rapport with others and motivate them to agree to your request

When you want to strike up a conversation with someone, the best approach is to let them know you won't take much of their time. You can say, "Could I bother you for two minutes? I'd like to ask about xxx." This succeeds more often than "Could I bother you for a moment?", because people know the conversation will only take two minutes (you can run over once you are actually talking).

Be precise and say, “Excuse me – can I bother you for two minutes? I’m new to the neighborhood and I’m looking for a good restaurant.” If you provide a pretext and imply a short duration, the person will be much more willing to talk with you.


Be mindful that this applies to other people – so when you’re initiating a conversation, show the other person that interacting with you is definitely worth her time.

Once someone is willing to talk with you, introduce yourself first (offer personal information about yourself), and only then ask for their opinion.

Another tactic is to put your subject in a position of authority. Whenever you give the gift of information and authority, you motivate reciprocal behavior.

By practicing rapport-building more diligently, you’ll get more of what you want, while at the same time making others feel good about themselves.


Use the reflective question technique to improve your listening: repeat the last 3-4 words the other person said, phrased as a question.

For example, if someone says, "Peru is the coolest country I've ever visited," you can respond with a reflective question: "Really? Peru is the coolest country you've ever visited?"


5. Use small tactics to get others to help you reach your goals

Combine subtle tactics to influence others to do your bidding.

  1. Do someone a small favor, and they will feel the urge to "repay" you.
  2. Show expertise on a topic and offer some expert-level advice to win people's trust (most of us are socialized to respect authority figures).

Don't overuse these tactics. Used in moderation they deliver outsized results; pushed too hard, they backfire (subtlety is key).

If your intentions are obvious, people will catch on and you’ll risk coming off as unlikeable.

6. How to get information from others easily

Elicitation is a specific form of influence in which you prompt people to divulge what they might otherwise keep secret.

The defining feature of elicitation is that it is non-threatening: with the right strategy, your target will volunteer sensitive information to you.

Another tactic is to make false statements (deliberately say something wrong). People have an urge to correct others, so when you get something wrong they will correct you with the accurate information, and you end up with what you wanted to know.

People have a natural tendency to correct erroneous statements, so if you purposely say something untrue, it will usually prompt your subject to correct you and reveal new information in the process. The statement can be completely nonsensical.

Set up some social media accounts, connect with people who have their guard down, and pull the sensitive information from their accounts.

7. Read nonverbal signals

Learning how to read and display nonverbal cues can boost communication in your favor, as they provide valuable information that can boost your rapport-building efforts.

  • ventral fronting: a person tilts his hips and belly toward you; this can also indicate openness and comfort
  • ventral display: indicates trust
  • head tilt and showing the underside of the wrists and hands: indicates openness
  • palms facing down and head straight: a formal presence

When talking with someone, watch their body language to judge whether they feel safe and comfortable. Observe them for 20-30 seconds (longer than that gets awkward) and pick up a few key body-language signals.

You can control your own body language to send the signals you want the other person to receive, and you can also use body language to influence their mood (this is called "mirroring"): when you smile, the other person picks up the positive emotion too.

In most situations, if you make a point of conveying happiness and confidence through your body language, you will be rewarded for it.

8. Recognize malicious social engineering

We have just learned many social engineering techniques; we also need to be able to recognize when others use these same techniques to manipulate us maliciously.

This kind of manipulation is called "emotional hijacking".

Scammers and other manipulators like to elicit strong emotions such as fear or pain because these activate a walnut-sized piece of gray matter in our brain known as the amygdala, which shuts down critical thinking and increases susceptibility to external influence.

  • devious manipulation techniques

Another technique is called "forced evaluation": making people question what they know. For example, a company announcing upcoming layoffs triggers fear, and people work twice as hard to make sure they are not the ones cut.

Provoking negative emotions such as confusion and uncertainty can induce psychological powerlessness, which does long-term, damaging harm to people's mental state.

Instead of resorting to manipulation at the risk of causing pain and suffering, take the higher road. Ask yourself honestly what manipulation tactics you typically use and how you might replace them with ethical tools like profiling, pretexting, rapport-building and body language to get what you want.

9. Summary of techniques

rapport-building

  • placing your subject (your target) in a position of authority
  • placing yourself in a position of authority
  • reading nonverbal cues
  • mirroring: influencing others with your own behavior and body language
  • posing reflective questions

principles of influence

  • reciprocation

Getting information without asking (having others volunteer it)

  • elicitation
  • state a reported fact
  • make a false statement

Manipulation (malicious)

  • emotional hijacking
  • forced evaluation
