The Art of Social Engineering: Uncover the secrets behind the human dynamics in cybersecurity

Understand psychology-driven social engineering, arm yourself with potent strategies, and mitigate threats to your organization and personal data with this all-encompassing guide

Key Features
Gain insights into the open source intelligence (OSINT) methods used by attackers to harvest data
Understand the evolving implications of social engineering on social networks
Implement effective defensive strategies to mitigate the probability and impact of social engineering attacks

Book Description
Social engineering is one of the most prevalent methods used by attackers to steal data and resources from individuals, companies, and even government entities. This book serves as a comprehensive guide to understanding social engineering attacks and how to protect against them.

The Art of Social Engineering starts by giving you an overview of the current cyber threat landscape, explaining the psychological techniques involved in social engineering attacks, and then takes you through examples to demonstrate how to identify those attacks. You’ll learn the most intriguing psychological principles exploited by attackers, including influence, manipulation, rapport, persuasion, and empathy, and gain insights into how attackers leverage technology to enhance their attacks using fake logins, email impersonation, fake updates, and executing attacks through social media. This book will equip you with the skills to develop your own defensive strategy, including awareness campaigns, phishing campaigns, cybersecurity training, and a variety of tools and techniques.

By the end of this social engineering book, you’ll be proficient in identifying cyberattacks and safeguarding against the ever-growing threat of social engineering with your defensive arsenal.

What you will learn
Grasp the psychological concepts and principles used in social engineering attacks
Distinguish the different types of social engineering attacks
Examine the impact of social engineering on social networks
Find out how attackers leverage OSINT tools to perform more successful attacks
Walk through the social engineering lifecycle
Get a glimpse of the capabilities of Social Engineering Toolkit (SET)

Who this book is for
This book is for cybersecurity enthusiasts, ethical hackers, penetration testers, IT administrators, cybersecurity analysts, or anyone concerned with cybersecurity, privacy, and risk management. It will serve as a valuable resource for managers, decision makers, and government officials to understand the impact and importance of social engineering and how to protect against this threat.

Author(s): Cesar Bravo, Desilda Toska
Publisher: Packt Publishing Pvt Ltd
Year: 2023

Language: English
Pages: 296

The Art of Social Engineering
Foreword
Contributors
About the authors
About the reviewer
Preface
Who this book is for
What this book covers
To get the most out of this book
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
Part 1: Understanding Social Engineering
1
The Psychology behind Social Engineering
Technical requirements
Disclaimer
Understanding the art of manipulation
Examining the six principles of persuasion
Developing rapport
Using appropriate body language
Using your knowledge to help
Complimenting
Supporting other points of view
Leveraging empathy
Leveraging influence for defensive security
Summary
Further reading
2
Understanding Social Engineering
Technical requirements
Detecting social engineering attacks
Social media attacks
The lost passport
The federal government grant
Romance scam
Fake investment
Fake advertisements
Social engineering and the crypto scam
Summary
3
Common Scam Attacks
Technical requirements
What is a scam?
The Nigerian scam (419)
The history of the scam
Identifying the Nigerian scam
Types of Nigerian scams
Funny Nigerian scams
Avoiding these scams
Other scams
The investor scam
The Business Email Compromise scam
Fraud compensation
Scambaiting
Summary
4
Types of Social Engineering Attacks
Technical requirements
Disclaimer
Phishing attacks
History of phishing attacks
Famous phishing attacks
Types of phishing attacks
Baiting
Physical baiting
Cyber baiting
Protecting yourself against baiting
Dumpster diving
Tailgating
Quid pro quo
Free tech support
Free software to download
How to protect yourself against quid pro quo attacks
Pretexting
Fake job offers
False charities
Watering hole
Crypto mining
Summary
Further reading
Part 2: Enhanced Social Engineering Attacks
5
Enhanced Social Engineering Attacks
Technical requirements
Disclaimer
Targeted attacks
Identifying high-value targets
OSINT
OSINT tools
OSINT methods
OSINT use cases
Web-based attacks
Fake logins
Fake updates
Scareware
Fake pages
Magic-ware
Hacking-ware
Gaming-based attacks
Forum-based attacks
Adware
Summary
6
Social Engineering and Social Network Attacks
Disclaimer
Social engineering through mobile applications
Malicious apps and app-based attacks
Exploiting app permissions for data access
The challenges in identifying and mitigating such attacks
Social engineering via social networks
Clickbait attack
WhatsApp-based attacks
Instagram-based attacks
Other attacks
Sextortion
Fake news attacks
Forex scams
Summary
7
AI-Driven Techniques in Enhanced Social Engineering Attacks
Technical requirements
Artificial intelligence in social engineering attacks
The growing role of AI in social engineering
AI-driven social engineering techniques
Strategies for combating AI-enhanced social engineering attacks
Understanding the threat landscape
Implementing effective security measures
Fostering a culture of security and awareness
Strengthening collaboration and information sharing
Understanding deepfakes
Deepfake videos
How to detect deepfake videos
Deepfake audio
Implications for social engineering attacks
Other AI attacks
Summary
8
The Social Engineering Toolkit (SET)
Technical requirements
SET
Importance of understanding SET in cybersecurity
Installing and setting up SET
System requirements for SET installation
Downloading and installing SET
Executing SET
Understanding the main components and modules of SET
Social-Engineering Attacks
Penetration Testing (Fast-Track)
Other options
Mitigation and defense against SET attacks
Technical controls and vulnerability management
User awareness and training
Email and web filtering
IR and TI
Access controls and privilege management
Continuous monitoring and response
Summary
Further reading
Part 3: Protecting against Social Engineering Attacks
9
Understanding the Social Engineering Life Cycle
Technical requirements
Disclaimer
The history of the social engineering life cycle
The iconic Kevin Mitnick
The social engineering life cycle
Reconnaissance
Target selection
Pretext development
Engagement
Exploitation or elicitation
Execution (post-exploitation)
How to stay protected
Control your social media posts
Configure your privacy settings on social media
Beware of fake profiles
Be cautious
Be careful with dating sites
Avoid social media bragging
Be mindful of your posts
Remove image metadata
Implement awareness campaigns
Summary
10
Defensive Strategies for Social Engineering
Technical requirements
Disclaimer
Importance of defensive strategies
Recognizing social engineering red flags
Employee awareness campaigns
Phishing campaigns and countermeasures
CTF exercises
Enhanced cybersecurity training
Assessing the effectiveness of existing cybersecurity training programs
Identifying gaps and areas for improvement
Case studies and lessons learned
Analyzing real-world social engineering incidents
Extracting valuable lessons from past experiences
Summary
11
Applicable Laws and Regulations for Social Engineering
Technical requirements
Examples of laws and regulations around the world
Convictions for social engineering – lessons learned from notable cases
Summary
Index
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book