
What is Identity Engineering? (DIM)

  • Writer: Rolando Ramos
  • Sep 6

Updated: 20 hours ago


DIM is the Identity Engineering Model used to understand how social engineers, cybercriminals, and other malicious actors exploit human behavior in security.



Discover


The first phase of the DIM model is Discover, which involves gathering information about a target. This phase is critical to the success of a social engineering attack because it allows the attacker to build a convincing narrative.


Information is often collected from publicly available sources, a practice known as Open-Source Intelligence (OSINT). Typical sources include:


  • Social media profiles (LinkedIn, Facebook, etc.)

  • Company websites and press releases

  • Public records

  • Forums and online communities


The attacker uses this discovered information to identify key individuals within an organization, understand the relationships between them, and find potential vulnerabilities or points of contact for the next phase.


Influence


Once the attacker has enough information, they move to the Influence stage. This is where they use psychological tactics to build rapport and gain the target's trust. The goal is to get the target to act in a way that benefits the attacker, often by appealing to human emotions and tendencies. Common influence tactics include:


  • Urgency: Creating a sense of a time-sensitive emergency to bypass critical thinking.

  • Authority: Impersonating a person in a position of power, such as a CEO or IT manager, to appear legitimate.

  • Liking: Building a friendly relationship with the target to make them more likely to comply with requests.

  • Reciprocity: Offering a small favor or piece of information to make the target feel indebted.


Manipulation


The final phase is Manipulation. This is the execution of the social engineering attack, where the attacker uses the trust and influence they've built to get the target to perform a specific action that compromises security. This could involve:


  • Revealing confidential information (passwords, company data, personal details)

  • Clicking a malicious link in a phishing email

  • Downloading and installing malware

  • Transferring money or assets to a fraudulent account


The DIM model highlights the fact that many security breaches don't result from technical failures but rather from the exploitation of human psychology.
