+353-1-416-8900REST OF WORLD
+44-20-3973-8888REST OF WORLD
1-917-300-0470EAST COAST U.S
1-800-526-8630U.S. (TOLL FREE)

Social Engineering. The Science of Human Hacking. Edition No. 2

  • Book
  • 320 Pages
  • September 2018
  • John Wiley and Sons Ltd
  • ID: 4472549

Harden the human firewall against the most current threats

Social Engineering: The Science of Human Hacking reveals the craftier side of the hacker’s repertoire - why hack into something when you could just ask for access? Undetectable by firewalls and antivirus software, social engineering relies on human fault to gain access to sensitive spaces; in this book, renowned expert Christopher Hadnagy explains the most commonly-used techniques that fool even the most robust security personnel, and shows you how these techniques have been used in the past. The way that we make decisions as humans affects everything from our emotions to our security. Hackers, since the beginning of time, have figured out ways to exploit that decision making process and get you to take an action not in your best interest. This new Second Edition has been updated with the most current methods used by sharing stories, examples, and scientific study behind how those decisions are exploited.

Networks and systems can be hacked, but they can also be protected; when the “system” in question is a human being, there is no software to fall back on, no hardware upgrade, no code that can lock information down indefinitely. Human nature and emotion is the secret weapon of the malicious social engineering, and this book shows you how to recognize, predict, and prevent this type of manipulation by taking you inside the social engineer’s bag of tricks.

  • Examine the most common social engineering tricks used to gain access
  • Discover which popular techniques generally don’t work in the real world
  • Examine how our understanding of the science behind emotions and decisions can be used by social engineers
  • Learn how social engineering factors into some of the biggest recent headlines
  • Learn how to use these skills as a professional social engineer and secure your company
  • Adopt effective counter-measures to keep hackers at bay

By working from the social engineer’s playbook, you gain the advantage of foresight that can help you protect yourself and others from even their best efforts. Social Engineering gives you the inside information you need to mount an unshakeable defense.

Table of Contents

Acknowledgments xi

Foreword xix

Preface xxi

1 A Look into the New World of Professional Social Engineering  .

What Has Changed? 2

Why Should You Read This Book? 4

An Overview of Social Engineering 6

The SE Pyramid 11

What’s in This Book? 14

Summary 15

2 Do You See What I See? 17

A Real-World Example of Collecting OSINT 17

Nontechnical OSINT 22

Tools of the Trade 59

Summary 61

3 Profiling People Through Communication 63

The Approach 66

Enter the DISC 68

Summary 80

4 Becoming Anyone You Want to Be 83

The Principles of Pretexting 84

Summary 98

5 I Know How to Make You Like Me 101

The Tribe Mentality 103

Building Rapport as a Social Engineer 105

The Rapport Machine 120

Summary 121

6 Under the Influence 123

Principle One: Reciprocity 125

Principle Two: Obligation 128

Principle Three: Concession 131

Principle Four: Scarcity 134

Principle Five: Authority 137

Principle Six: Consistency and Commitment 142

Principle Seven: Liking 146

Principle Eight: Social Proof 148

Influence vs. Manipulation 151

Summary 156

7 Building Your Artwork 157

The Dynamic Rules of Framing 159

Elicitation 168

Summary 182

8 I Can See What You Didn’t Say 183

Nonverbals Are Essential 184

All Your Baselines Belong to Us 187

Understand the Basics of Nonverbals 196

Comfort vs. Discomfort 198

Summary 220

9 Hacking the Humans 223

An Equal Opportunity Victimizer 224

The Principles of the Pentest 225

Phishing 229

Vishing 233

SMiShing 240

Impersonation 241

Reporting 246

Top Questions for the SE Pentester 250

Summary 254

10 Do You Have a M.A.P.P.? 257

Step 1: Learn to Identify Social Engineering Attacks 259

Step 2: Develop Actionable and Realistic Policies 261

Step 3: Perform Regular Real-World Checkups 264

Step 4: Implement Applicable Security-Awareness Programs 266

Tie It All Together 267

Gotta Keep ’Em Updated 268

Let the Mistakes of Your Peers Be Your Teacher 270

Create a Security Awareness Culture 271

Summary 274

11 Now What? 277

Soft Skills for Becoming an Social Engineer 277

Technical Skills 280

Education 281

Job Prospects 283

The Future of Social Engineering 284

Index 287


Christopher Hadnagy