Elicitation
A social engineering technique that extracts sensitive information through seemingly innocent conversation, without the target realising they are being pumped for intelligence.
Also known as: conversational intelligence gathering, social engineering elicitation
Last reviewed: 1 June 2026
Elicitation is a covert information-gathering technique used by intelligence operatives, social engineers, and fraudsters to extract sensitive data through natural-seeming conversation. Unlike a direct question — which might raise suspicion — elicitation relies on indirect conversational tactics: making a plausibly wrong statement that the target corrects, volunteering information to encourage reciprocity, expressing flattery or genuine interest in the target's area of expertise, or using silence to encourage the target to fill the gap with detail.
In a fraud context, elicitation might be used in a pretexting call where the caller gradually extracts account numbers, security question answers, or internal procedures from a customer service representative. In corporate espionage, elicitation might occur at an industry conference where a competitor's employee is drawn into detailed technical discussion while seemingly just networking.
The technique is difficult to defend against because it feels like normal conversation rather than an attack. Security awareness training teaches employees to recognise elicitation attempts by noticing when conversations unexpectedly drift toward sensitive topics, when a stranger seems unusually interested in specific details, or when information sharing feels one-sided.
Examples
- A caller poses as a journalist writing about cybersecurity, casually asking an employee about their company's remote access setup; over a 20-minute conversation, the employee unknowingly reveals which VPN software and authentication method are used.