Join Blinkist to get the key ideas from
Get the key ideas from
Get the key ideas from
The Art of Human Hacking
- Read in 15 minutes
- Audio & text available
- Contains 9 key ideas
Social Engineering (2011) reveals the secret methods hackers and con artists use to manipulate their targets and scam their victims. The book provides detailed step-by-step depictions of how criminals plan a scheme, and gives you all the tools you need to prevent yourself from being duped.
Key idea 1 of 9
Social engineering is a way to gain influence over others without them knowing.
Have you ever been persuaded into buying something only to realize later on that you don’t need or want whatever you’ve bought? If so, you’re not alone. Most of us have been brought under the influence of some social engineering tactic at one point or another.
Social engineering is a set of psychological tricks that exploit human vulnerabilities to influence a target’s actions. These tricks can manifest themselves as spoken language, body language and hidden suggestions.
Governments, salespeople and law enforcement officers are deeply familiar with these tactics, but the fact is that we all use social engineering, even with our friends, family and co-workers. For example, when a kid says “I love you, Mommy. Can I have a puppy for my birthday?” they are using social engineering to influence their parent.
Of course, social engineering isn’t only about short-term gain; it can actually be used to do great harm to people. Scammers and con artists, for instance, use social engineering to manipulate their targets and compromise security systems.
If you want to install malware onto a company’s server, you could go in guns blazing and fight your way to the server room. But that’s messy. A social engineer will instead do something like disguise themselves as an IT specialist and prepare a convincing story to get past security.
Once inside, they’re free to do what they want and no one will be the wiser. As far as the security guard knows, the “IT person” was just doing their job.
But no one wants to be conned like this. Luckily, we can protect ourselves with a solid understanding of how social engineering works.
Security auditors, like the author, are hired to play the role of malicious social engineers to test a client’s security system by performing authorized penetration tests, or pentests for short, which are basically fake social engineering attacks. The client, of course, doesn’t know when, where or how this will happen.