Chapter 1: What Is Social Engineering?
Social engineering is the manipulation of people and situations to gain access or information that otherwise is not available to you. Social engineering can sometimes be used to bypass physical security—mechanisms in place to prevent access by unauthorized people—but not always.
Organizations pay me to test their security. I use a combination of social engineering and physical attacks to do so. The security I test might be the locks on their doors, the security guards and receptionists, or their computer networks. Most often, it's all of those and much more, as you'll discover as you read about how I break into banks.
In my role as a security professional, I use psychology, body language, charm, flirtation, lock picks, and other tools to break in. Before all that comes a lot of preparation and paperwork.
Social engineering has a long history, albeit usually by another name—scams. Before we hear about my adventures, let's look at the first social engineering attack.
The best-known historical piece of social engineering is the Trojan Horse. While almost certainly a myth, it's mentioned in book 2 of the Aeneid, a book of Greek poems, and again in The Odyssey by Homer. As I am sure you know, the Greeks pretended to abandon the siege of Troy and left behind a giant wooden horse. The Trojans, thinking it was a gift from the gods, brought it inside their walled city. That night, the Greek warriors hidden inside the horse climbed out, killed the ...