The Art of Social Engineering: Uncover the secrets behind the human dynamics in cybersecurity 9781804613641

Understand psychology-driven social engineering, arm yourself with potent strategies, and mitigate threats to your organ


English Pages 296 Year 2023


Table of contents :
The Art of Social Engineering
Foreword
Contributors
About the authors
About the reviewer
Preface
Who this book is for
What this book covers
To get the most out of this book
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
Part 1: Understanding Social Engineering
1. The Psychology behind Social Engineering
Technical requirements
Disclaimer
Understanding the art of manipulation
Examining the six principles of persuasion
Developing rapport
Using appropriate body language
Using your knowledge to help
Complimenting
Supporting other points of view
Leveraging empathy
Leveraging influence for defensive security
Summary
Further reading
2. Understanding Social Engineering
Technical requirements
Detecting social engineering attacks
Social media attacks
The lost passport
The federal government grant
Romance scam
Fake investment
Fake advertisements
Social engineering and the crypto scam
Summary
3. Common Scam Attacks
Technical requirements
What is a scam?
The Nigerian scam (419)
The history of the scam
Identifying the Nigerian scam
Types of Nigerian scams
Funny Nigerian scams
Avoiding these scams
Other scams
The investor scam
The Business Email Compromise scam
Fraud compensation
Scambaiting
Summary
4. Types of Social Engineering Attacks
Technical requirements
Disclaimer
Phishing attacks
History of phishing attacks
Famous phishing attacks
Types of phishing attacks
Baiting
Physical baiting
Cyber baiting
Protecting yourself against baiting
Dumpster diving
Tailgating
Quid pro quo
Free tech support
Free software to download
How to protect yourself against quid pro quo attacks
Pretexting
Fake job offers
False charities
Watering hole
Crypto mining
Summary
Further reading
Part 2: Enhanced Social Engineering Attacks
5. Enhanced Social Engineering Attacks
Technical requirements
Disclaimer
Targeted attacks
Identifying high-value targets
OSINT
OSINT tools
OSINT methods
OSINT use cases
Web-based attacks
Fake logins
Fake updates
Scareware
Fake pages
Magic-ware
Hacking-ware
Gaming-based attacks
Forum-based attacks
Adware
Summary
6. Social Engineering and Social Network Attacks
Disclaimer
Social engineering through mobile applications
Malicious apps and app-based attacks
Exploiting app permissions for data access
The challenges in identifying and mitigating such attacks
Social engineering via social networks
Clickbait attack
WhatsApp-based attacks
Instagram-based attacks
Other attacks
Sextortion
Fake news attacks
Forex scams
Summary
7. AI-Driven Techniques in Enhanced Social Engineering Attacks
Technical requirements
Artificial intelligence in social engineering attacks
The growing role of AI in social engineering
AI-driven social engineering techniques
Strategies for combating AI-enhanced social engineering attacks
Understanding the threat landscape
Implementing effective security measures
Fostering a culture of security and awareness
Strengthening collaboration and information sharing
Understanding deepfakes
Deepfake videos
How to detect deepfake videos
Deepfake audio
Implications for social engineering attacks
Other AI attacks
Summary
8. The Social Engineering Toolkit (SET)
Technical requirements
SET
Importance of understanding SET in cybersecurity
Installing and setting up SET
System requirements for SET installation
Downloading and installing SET
Executing SET
Understanding the main components and modules of SET
Social-Engineering Attacks
Penetration Testing (Fast-Track)
Other options
Mitigation and defense against SET attacks
Technical controls and vulnerability management
User awareness and training
Email and web filtering
IR and TI
Access controls and privilege management
Continuous monitoring and response
Summary
Further reading
Part 3: Protecting against Social Engineering Attacks
9. Understanding the Social Engineering Life Cycle
Technical requirements
Disclaimer
The history of the social engineering life cycle
The iconic Kevin Mitnick
The social engineering life cycle
Reconnaissance
Target selection
Pretext development
Engagement
Exploitation or elicitation
Execution (post-exploitation)
How to stay protected
Control your social media posts
Configure your privacy settings on social media
Beware of fake profiles
Be cautious
Be careful with dating sites
Avoid social media bragging
Be mindful of your posts
Remove image metadata
Implement awareness campaigns
Summary
10. Defensive Strategies for Social Engineering
Technical requirements
Disclaimer
Importance of defensive strategies
Recognizing social engineering red flags
Employee awareness campaigns
Phishing campaigns and countermeasures
CTF exercises
Enhanced cybersecurity training
Assessing the effectiveness of existing cybersecurity training programs
Identifying gaps and areas for improvement
Case studies and lessons learned
Analyzing real-world social engineering incidents
Extracting valuable lessons from past experiences
Summary
11. Applicable Laws and Regulations for Social Engineering
Technical requirements
Examples of laws and regulations around the world
Convictions for social engineering – lessons learned from notable cases
Summary
Index
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book
