Harden the human firewall against the most current threats Social Engineering: The Science of Human Hacking reveals the craftier side of the hackers repertoirewhy hack into something when you could just ask for access? Undetectable by firewalls and antivirus software, social engineering relies on human fault to gain access to sensitive spaces; in this book, renowned expert Christopher Hadnagy explains the most commonly-used techniques that fool even the most robust security personnel, and shows you how these techniques have been used in the past. The way that we make decisions as humans affects everything from our emotions to our security. Hackers, since the beginning of time, have figured out ways to exploit that decision making process and get you to take an action not in your best interest. This new Second Edition has been updated with the most current methods used by sharing stories, examples, and scientific study behind how those decisions are exploited. Networks and systems can be hacked, but they can also be protected; when the system in question is a human being, there is no software to fall back on, no hardware upgrade, no code that can lock information down indefinitely. Human nature and emotion is the secret weapon of the malicious social engineering, and this book shows you how to recognize, predict, and prevent this type of manipulation by taking you inside the social engineers bag of tricks. Examine the most common social engineering tricks used to gain access Discover which popular techniques generally dont work in the real world Examine how our understanding of the science behind emotions and decisions can be used by social engineers Learn how social engineering factors into some of the biggest recent headlines Learn how to use these skills as a professional social engineer and secure your company Adopt effective counter-measures to keep hackers at bay By working from the social engineers playbook, you gain the advantage of foresight that can help you protect yourself and others from even their best efforts. Social Engineering gives you the inside information you need to mount an unshakeable defense.
Acknowledgments xi Foreword xix Preface xxi 1 A Look into the New World of Professional Social Engineering . What Has Changed? 2 Why Should You Read This Book? 4 An Overview of Social Engineering 6 The SE Pyramid 11 What's in This Book? 14 Summary 15 2 Do You See What I See? 17 A Real-World Example of Collecting OSINT 17 Nontechnical OSINT 22 Tools of the Trade 59 Summary 61 3 Pro?ling People Through Communication 63 The Approach 66 Enter the DISC 68 Summary 80 4 Becoming Anyone You Want to Be 83 The Principles of Pretexting 84 Summary 98 5 I Know How to Make You Like Me 101 The Tribe Mentality 103 Building Rapport as a Social Engineer 105 The Rapport Machine 120 Summary 121 6 Under the In?uence 123 Principle One: Reciprocity 125 Principle Two: Obligation 128 Principle Three: Concession 131 Principle Four: Scarcity 134 Principle Five: Authority 137 Principle Six: Consistency and Commitment 142 Principle Seven: Liking 146 Principle Eight: Social Proof 148 In?uence vs. Manipulation 151 Summary 156 7 Building Your Artwork 157 The Dynamic Rules of Framing 159 Elicitation 168 Summary 182 8 I Can See What You Didn't Say 183 Nonverbals Are Essential 184 All Your Baselines Belong to Us 187 Understand the Basics of Nonverbals 196 Comfort vs. Discomfort 198 Summary 220 9 Hacking the Humans 223 An Equal Opportunity Victimizer 224 The Principles of the Pentest 225 Phishing 229 Vishing 233 SMiShing 240 Impersonation 241 Reporting 246 Top Questions for the SE Pentester 250 Summary 254 10 Do You Have a M.A.P.P.? 257 Step 1: Learn to Identify Social Engineering Attacks 259 Step 2: Develop Actionable and Realistic Policies 261 Step 3: Perform Regular Real-World Checkups 264 Step 4: Implement Applicable Security-Awareness Programs 266 Tie It All Together 267 Gotta Keep 'Em Updated 268 Let the Mistakes of Your Peers Be Your Teacher 270 Create a Security Awareness Culture 271 Summary 274 11 Now What? 277 Soft Skills for Becoming an Social Engineer 277 Technical Skills 280 Education 281 Job Prospects 283 The Future of Social Engineering 284 Index 287
Accessing your eBook through Kortext
Once purchased, you can view your eBook through the Kortext app, available to download for Windows, Android and iOS devices. Once you have downloaded the app, your eBook will be available on your Kortext digital bookshelf and can even be downloaded to view offline anytime, anywhere, helping you learn without limits.
In addition, you'll have access to Kortext's smart study tools including highlighting, notetaking, copy and paste, and easy reference export.
To download the Kortext app, head to your device's app store or visit https://app.kortext.com to sign up and read through your browser.
NB: eBook is only available for a single-user licence (i.e. not for multiple / networked users).
