The Art of Social Engineering

Book description

Understand psychology-driven social engineering, arm yourself with potent strategies, and mitigate threats to your organization and personal data with this all-encompassing guide

Key Features

  • Gain insights into the open source intelligence (OSINT) methods used by attackers to harvest data
  • Understand the evolving implications of social engineering on social networks
  • Implement effective defensive strategies to mitigate the probability and impact of social engineering attacks
  • Purchase of the print or Kindle book includes a free PDF eBook

Book Description

Social engineering is one of the most prevalent methods used by attackers to steal data and resources from individuals, companies, and even government entities. This book serves as a comprehensive guide to understanding social engineering attacks and how to protect against them.

The Art of Social Engineering starts by giving you an overview of the current cyber threat landscape, explaining the psychological techniques involved in social engineering attacks, and then takes you through examples to demonstrate how to identify those attacks.

You’ll learn the most intriguing psychological principles exploited by attackers, including influence, manipulation, rapport, persuasion, and empathy, and gain insights into how attackers leverage technology to enhance their attacks using fake logins, email impersonation, fake updates, and attacks executed through social media. This book will equip you with the skills to develop your own defensive strategy, including awareness campaigns, phishing campaigns, cybersecurity training, and a variety of tools and techniques.

By the end of this social engineering book, you’ll be proficient in identifying cyberattacks and safeguarding against the ever-growing threat of social engineering with your defensive arsenal.

What you will learn

  • Grasp the psychological concepts and principles used in social engineering attacks
  • Distinguish the different types of social engineering attacks
  • Examine the impact of social engineering on social networks
  • Find out how attackers leverage OSINT tools to perform more successful attacks
  • Walk through the social engineering lifecycle
  • Get a glimpse of the capabilities of the Social Engineering Toolkit (SET)

Who this book is for

This book is for cybersecurity enthusiasts, ethical hackers, penetration testers, IT administrators, cybersecurity analysts, or anyone concerned with cybersecurity, privacy, and risk management. It will serve as a valuable resource for managers, decision makers, and government officials to understand the impact and importance of social engineering and how to protect against this threat.

Table of contents

  1. The Art of Social Engineering
  2. Foreword
  3. Contributors
  4. About the authors
  5. About the reviewer
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Conventions used
    5. Get in touch
    6. Share Your Thoughts
    7. Download a free PDF copy of this book
  7. Part 1: Understanding Social Engineering
  8. Chapter 1: The Psychology behind Social Engineering
    1. Technical requirements
    2. Disclaimer
    3. Understanding the art of manipulation
    4. Examining the six principles of persuasion
    5. Developing rapport
      1. Using appropriate body language
      2. Using your knowledge to help
      3. Complimenting
      4. Supporting other points of view
    6. Leveraging empathy
    7. Leveraging influence for defensive security
    8. Summary
    9. Further reading
  9. Chapter 2: Understanding Social Engineering
    1. Technical requirements
    2. Detecting social engineering attacks
    3. Social media attacks
      1. The lost passport
      2. The federal government grant
      3. Romance scam
      4. Fake investment
      5. Fake advertisements
    4. Social engineering and the crypto scam
    5. Summary
  10. Chapter 3: Common Scam Attacks
    1. Technical requirements
    2. What is a scam?
    3. The Nigerian scam (419)
      1. The history of the scam
      2. Identifying the Nigerian scam
      3. Types of Nigerian scams
      4. Funny Nigerian scams
      5. Avoiding these scams
    4. Other scams
      1. The investor scam
      2. The Business Email Compromise scam
      3. Fraud compensation
    5. Scambaiting
    6. Summary
  11. Chapter 4: Types of Social Engineering Attacks
    1. Technical requirements
    2. Disclaimer
    3. Phishing attacks
      1. History of phishing attacks
      2. Famous phishing attacks
      3. Types of phishing attacks
    4. Baiting
      1. Physical baiting
      2. Cyber baiting
      3. Protecting yourself against baiting
    5. Dumpster diving
    6. Tailgating
    7. Quid pro quo
      1. Free tech support
      2. Free software to download
      3. How to protect yourself against quid pro quo attacks
    8. Pretexting
      1. Fake job offers
      2. False charities
    9. Watering hole
      1. Crypto mining
    10. Summary
    11. Further reading
  12. Part 2: Enhanced Social Engineering Attacks
  13. Chapter 5: Enhanced Social Engineering Attacks
    1. Technical requirements
    2. Disclaimer
    3. Targeted attacks
      1. Identifying high-value targets
    4. OSINT
      1. OSINT tools
      2. OSINT methods
      3. OSINT use cases
    5. Web-based attacks
      1. Fake logins
      2. Fake updates
      3. Scareware
      4. Fake pages
      5. Magic-ware
      6. Hacking-ware
      7. Gaming-based attacks
      8. Forum-based attacks
      9. Adware
    6. Summary
  14. Chapter 6: Social Engineering and Social Network Attacks
    1. Disclaimer
    2. Social engineering through mobile applications
      1. Malicious apps and app-based attacks
      2. Exploiting app permissions for data access
      3. The challenges in identifying and mitigating such attacks
    3. Social engineering via social networks
      1. Clickbait attack
      2. WhatsApp-based attacks
      3. Instagram-based attacks
    4. Other attacks
      1. Sextortion
      2. Fake news attacks
      3. Forex scams
    5. Summary
  15. Chapter 7: AI-Driven Techniques in Enhanced Social Engineering Attacks
    1. Technical requirements
    2. Artificial intelligence in social engineering attacks
      1. The growing role of AI in social engineering
      2. AI-driven social engineering techniques
    3. Strategies for combating AI-enhanced social engineering attacks
      1. Understanding the threat landscape
      2. Implementing effective security measures
      3. Fostering a culture of security and awareness
      4. Strengthening collaboration and information sharing
    4. Understanding deepfakes
      1. Deepfake videos
      2. How to detect deepfake videos
      3. Deepfake audio
      4. Implications for social engineering attacks
    5. Other AI attacks
    6. Summary
  16. Chapter 8: The Social Engineering Toolkit (SET)
    1. Technical requirements
    2. SET
      1. Importance of understanding SET in cybersecurity
    3. Installing and setting up SET
      1. System requirements for SET installation
      2. Downloading and installing SET
      3. Executing SET
    4. Understanding the main components and modules of SET
      1. Social-Engineering Attacks
      2. Penetration Testing (Fast-Track)
      3. Other options
    5. Mitigation and defense against SET attacks
      1. Technical controls and vulnerability management
      2. User awareness and training
      3. Email and web filtering
      4. IR and TI
      5. Access controls and privilege management
      6. Continuous monitoring and response
    6. Summary
    7. Further reading
  17. Part 3: Protecting against Social Engineering Attacks
  18. Chapter 9: Understanding the Social Engineering Life Cycle
    1. Technical requirements
    2. Disclaimer
    3. The history of the social engineering life cycle
      1. The iconic Kevin Mitnick
    4. The social engineering life cycle
      1. Reconnaissance
      2. Target selection
      3. Pretext development
      4. Engagement
      5. Exploitation or elicitation
      6. Execution (post-exploitation)
    5. How to stay protected
      1. Control your social media posts
      2. Configure your privacy settings on social media
      3. Beware of fake profiles
      4. Be cautious
      5. Be careful with dating sites
      6. Avoid social media bragging
      7. Be mindful of your posts
      8. Remove image metadata
      9. Implement awareness campaigns
    6. Summary
  19. Chapter 10: Defensive Strategies for Social Engineering
    1. Technical requirements
    2. Disclaimer
    3. Importance of defensive strategies
    4. Recognizing social engineering red flags
    5. Employee awareness campaigns
    6. Phishing campaigns and countermeasures
    7. CTF exercises
    8. Enhanced cybersecurity training
      1. Assessing the effectiveness of existing cybersecurity training programs
      2. Identifying gaps and areas for improvement
    9. Case studies and lessons learned
      1. Analyzing real-world social engineering incidents
      2. Extracting valuable lessons from past experiences
    10. Summary
  20. Chapter 11: Applicable Laws and Regulations for Social Engineering
    1. Technical requirements
    2. Examples of laws and regulations around the world
    3. Convictions for social engineering – lessons learned from notable cases
    4. Summary
  21. Index
    1. Why subscribe?
  22. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts
    3. Download a free PDF copy of this book

Product information

  • Title: The Art of Social Engineering
  • Author(s): Cesar Bravo, Desilda Toska
  • Release date: October 2023
  • Publisher(s): Packt Publishing
  • ISBN: 9781804613641