In the previous chapters, we have been identifying a few tips and techniques to help you master the skills taught, so that you can be better equipped to defend yourself against certain social engineering techniques. Therefore, we are going to go through a few pointers on how to become a master in elicitation. However, you should note the following:

• A social engineer never asks a target too many questions, as this will likely turn them off. Nothing is as annoying as being blasted with question after question after question. Remember the three tips given previously about starting off and maintaining conversations with targets.
• A social engineer never asks too few questions, in order to avoid raising suspicion and awkwardness. They would never leave a target wondering why some questions were asked and then swiftly abandoned. They will know how to amicably close a line of questions.
• Social engineers will never ask more than one question at a time. Not only will this cause confusion but it will also reduce the amount of information the target will be willing to give out.

Elicitation requires a delicate balance. A social engineer must never have an extreme of either too little or too much. Also, elicitation is not only applicable to social engineering. Unlike, some of the other skills taught in the preceding chapters, the skill taught here is applicable in normal and non-malicious conversations.

Elicitation should follow the same flow of a normal conversation; it's just that the social engineer should control the path the conversation takes. Think of elicitation as a funnel, wide at the top and narrowing down the deeper it gets. At the start of the conversation, the conversation is neutral and the questions asked are random. However, as the conversation progresses, the conversation becomes more focused on a few topics that the social engineer wishes to gather data on. Therefore, open-ended questions could be used to start off the conversation and keep it going, and from there, some closed-ended questions could be brought in to direct the conversation down the funnel. At the end of the funnel, the social engineer will get a good stream of information from the client, filtered to only give out the necessary details. The funneling process has to be a careful one to ensure that other elements of social engineering, such as rapport and trust, are built up earlier in the conversation to avoid the target from being resistant to answering some questions.