One of the goals of elicitation is getting to know people better. We use this to make mental judgments of IF and HOW we will develop a relationship with a person. In fact,  this is something we do everyday by talking, listening, and asking questions.

Professional Social Engineering Tactic

Of course it takes on a different role when used as part of a professional social engineering engagement tactic. In this context, the goal is gathering information that is meaningful and relevant to the overall objective, such as  obtaining a username and password.

Process Familiarity

Familiarity of the process will help when you’re engaging in active elicitation with a target. Having a conversation, sharing information and asking well placed questions should not trigger a defensive reaction from the individual. If conversation is casual, this allows you to probe for information you can then build on. As a result, you can reach the goals of your elicitation.


This casual probing conversation is analogous to port scanning a target machine for any open ports that will respond. Knowing which ports and/or protocols are active, enables you to focus efforts on the areas that are meaningful to the target. This keeps them engaged and provides more opportunities for eliciting information from them.

On The Internet

Elicitation via electronic means is also a viable and active attack vector. Spoofed emails and malicious websites that fool a user into providing their personal information or account credentials are excellent examples of eliciting information for use in obtaining access to a target system.