
Learn Social Engineering

Book Description

Improve information security by learning Social Engineering.

About This Book
  • Learn how social engineering fits into an information security program, from the attacker's side and the defender's side
  • Get hands-on experience with tools such as Kali Linux and the Social-Engineer Toolkit (SET)
  • A practical, tool-driven approach to learning social engineering for IT security
Who This Book Is For

This book targets security professionals, security analysts, penetration testers, and any other stakeholder in information security who wants to learn how social engineering techniques are used and defended against. Prior knowledge of Kali Linux is an advantage.

What You Will Learn
  • Learn how social engineering is used to attack, and to test, information security
  • Learn social engineering techniques relevant to IT security
  • Understand the role of social media in social engineering
  • Get acquainted with practical human-hacking skills
  • Learn to think like a social engineer
  • Learn to recognise and defeat a social engineer
In Detail

This book will provide you with a holistic understanding of social engineering. It will help you to avoid and combat social engineering attacks by giving you a detailed insight into how a social engineer operates.

Learn Social Engineering starts by giving you a grounding in the different types of social engineering attacks and the damage they cause. It then sets up a lab environment in which you use the various tools and perform the steps of a social engineering engagement, such as information gathering. The book covers topics from baiting, phishing, and spear phishing to pretexting and scareware.

By the end of the book, you will be in a position to protect yourself and your systems from social engineering threats and attacks.

All in all, the book covers social engineering from A to Z, along with contributions from many well-known security experts.

Style and approach

A step-by-step practical guide that gets you well acquainted with social engineering. With tools such as the Social-Engineer Toolkit (SET) and Kali Linux, you can get started in a matter of minutes.

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Learn Social Engineering
  3. Dedication
  4. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  5. Foreword
  6. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  7. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the color images
      2. Conventions used
    4. Get in touch
      1. Reviews
    5. Disclaimer
  8. Introduction to Social Engineering
    1. Overview of social engineering
    2. Applications of social engineering
    3. The social engineering framework
      1. Information gathering
        1. Nontechnical
        2. Technical
      2. Elicitation
      3. Pretexting
      4. Mind tricks
      5. Persuasion
      6. Tools used in social engineering
        1. Physical tools
        2. Software-based tools
    4. Social engineering examples from Hollywood
      1. Matchstick Men (2003)
      2. Catch Me If You Can (2002)
      3. Ocean's Eleven (2001)
    5. Tips
    6. Summary
  9. The Psychology of Social Engineering – Mind Tricks Used
    1. Introduction
    2. Modes of thinking
      1. Visual thinkers
      2. Auditory thinkers
      3. Kinesthetic thinkers
      4. Determining one's dominant sense and mode of thinking
      5. Importance of understanding a target's mode of thinking
    3. Microexpressions
      1. Anger
      2. Disgust
      3. Contempt
      4. Fear
      5. Surprise
      6. Sadness
      7. Happiness
      8. Training to see microexpressions
      9. How microexpressions are used in a social engineering attack?
        1. Contradictions
        2. Hesitation
        3. Behavioral changes
        4. Gestures
    4. NLP
      1. Codes of NLP
        1. Voice
        2. Sentence structuring
        3. Word choice
      2. Interview and interrogation
        1. Expert interrogation techniques
      3. Gesturing
      4. Attentive listening
      5. Building rapport
    5. Human buffer overflow
      1. Fuzzing the brain
      2. Embedded commands
    6. Tips
    7. Summary
  10. Influence and Persuasion
    1. Introduction
    2. Five fundamental aspects of persuasion
    3. Setting up the environment
      1. Influence tactics
        1. Reciprocation
        2. Obligation
        3. Concession
        4. Scarcity
        5. Authority
        6. Legal authority
        7. Organizational authority
        8. Social authority
      2. Commitment and consistency
      3. Liking
      4. Social proof
    4. Reality alteration (framing)
    5. Manipulation
      1. Negative manipulation tactics
        1. Increasing predictability
        2. Controlling the target's environment
        3. Casting doubt
        4. Making the target powerless
        5. Punishing the target
        6. Intimidation
      2. Positive manipulation tips and tactics
    6. Summary
  11. Information Gathering
    1. Introduction
    2. Gathering information about targets
      1. Technical information-gathering methods
        1. BasKet
        2. Dradis
        3. Websites
        4. Search engines
        5. Pipl
        6. Whois.net
        7. Social media
        8. Phishing and spear phishing
        9. Watering holes
        10. Blogs
        11. Telephone
      2. Nontechnical methods
        1. Dumpster diving
        2. Intrusion and impersonation
        3. Tailgating
        4. Shoulder surfing
        5. Observation
    3. Tips
    4. Summary
  12. Targeting and Recon
    1. Introduction
    2. Banks
    3. Old organizations
    4. Organizational employees
      1. IT personnel
      2. Customer support agents
      3. Senior-level staff
      4. Finance personnel
    5. Elderly people
    6. Well-wishers
    7. Tips
    8. Summary
  13. Elicitation
    1. Introduction
    2. Getting into conversations with strangers
    3. Preloading
    4. Avoiding elicitation
      1. Appealing to egos
      2. Showing mutual interest
      3. Falsifying statements
      4. Flattering
      5. Volunteering information
      6. Assuming knowledge
      7. Using ignorance
      8. Capitalizing on alcoholic drinks
      9. Being a good listener
      10. Using intelligently-posed questions
      11. Assumptive questions
      12. Bracketing
    5. Learning the skill of elicitation
    6. Tips
    7. Summary
  14. Pretexting
    1. Introduction
    2. Principles and planning of pretexting
      1. Doing research
    3. Google hacking
      1. The power of Google hacking
      2. Feedback from the victims
      3. Google hacking secrets
        1. Operators
      4. Using personal interests
      5. Practicing dialects
      6. Using phones
      7. Choosing simple pretexts
      8. Spontaneity
      9. Providing logical conclusions
    4. Successful pretexting
      1. HP information leak
      2. Stanley Rifkin
      3. DHS hack
      4. Internal Revenue Service scams
        1. Phone calls
      5. Emails
        1. Business email compromise
        2. Letters
      6. Ubiquiti networks
    5. Legal concerns of pretexting
    6. Tools to enhance pretexts
    7. Tips
    8. Summary
  15. Social Engineering Tools
    1. The tools for social engineering
      1. Physical tools
        1. Lockpicks
        2. Recording devices
        3. GPS trackers
      2. Software tools
        1. Maltego
        2. Features of the software
        3. Technical specifications
        4. How to use Maltego?
        5. Maltego for network data gathering
          1. Step 1 – opening Maltego
          2. Step 2 – choosing a machine
          3. Step 3 – choosing a target
          4. Step 4 – results
        6. Using Maltego to collect data on an individual
          1. Step 1 – selecting the machine
          2. Step 2 – specifying a target
          3. Step 3 – results
        7. Google
        8. Hacking personal information
        9. Hacking servers
          1. Apache servers
          2. Microsoft servers
          3. Oracle servers
          4. IBM servers
          5. Netscape servers
          6. Red Hat servers
          7. System reports
          8. Error message queries
        10. Social engineer toolkit (SET)
        11. Spear phishing
        12. Web attack vector
        13. Infectious media generator
        14. SMS spoofing attack vector
        15. Wireless access point attack vector
        16. QRCode attack vector
        17. Third-party modules – fast track exploitation
        18. Create a payload and listener
        19. Mass mailer attack
      3. Phone tools
        1. Caller ID spoofing
        2. Scripts
        3. The way back machine
        4. Spokeo
        5. Metagoofil
        6. Fingerprinting Organizations with Collected Archives (FOCA)
        7. The credential harvester attack method
        8. Social engineering exercise
        9. Phishing with BeEF
        10. Zabasearch.com
        11. Job postings
        12. Shodan.io
        13. Default passwords
        14. Hardware keyloggers
        15. Toll-free number providers
        16. Netcraft website
        17. Netcraft toolbar
        18. Microsoft Edge SmartScreen
          1. Windows Defender application guard
          2. SmartScreen filter
        19. Windows Defender network protection
        20. Highly recommended
      4. Ask the experts
    2. Tips
    3. Summary
  16. Prevention and Mitigation
    1. Learning to identify social engineering attacks
      1. Emails
      2. Phishing attempts
      3. Baiting
      4. Responding to unasked questions
      5. Creating distrust
      6. Other signs
    2. Mitigating social engineering attacks
      1. Phone calls
      2. Emails
      3. In-person attacks
      4. Social engineering audit
    3. Summary
  17. Case Studies of Social Engineering
    1. What is social engineering?
      1. Information gathering
      2. Developing relationships
      3. Exploitation
      4. Execution
      5. Why is it so effective?
    2. Case studies of social engineering
      1. CEO fraud
      2. Financial phishing
      3. Social media phishing
      4. Ransomware phishing
      5. Bitcoin phishing
    3. Social engineering case study - Keepnet labs phishing simulation
      1. Analysis of top ten industries
      2. Examination of total emails sent within one year
      3. Evaluation of social engineering attacks of the top five companies with the largest number of users
    4. Tips
    5. Summary
  18. Ask the Experts – Part 1
    1. Troy Hunt
    2. Jonathan C. Trull
      1. What is social engineering?
        1. Staying safe from social engineering attacks
          1. People
          2. Process
          3. Technology
        2. Developing an effective cyber strategy
          1. Resources
          2. Business drivers
          3. Data
          4. Controls
          5. Threats
    3. Marcus Murray and Hasain Alshakarti
      1. Sample scenario – the workstation-data collection job
        1. Step 1 – preparing the attack
        2. Step 2 – staging the attack
        3. Step 3 – selecting the target
        4. Step 4 – launching the attack
        5. Step 5 – result
      2. Key points from this example
      3. Physical exposure
      4. The physical attack
    4. Emre Tinaztepe
      1. Malvertising
        1. Prevention
      2. Rogue/fake applications
        1. Prevention
      3. Documents with malicious payloads
        1. Prevention
      4. Public Wi-Fi hotspots
        1. Prevention
      5. Phishing/spear phishing
    5. Milad Aslaner
      1. Information is everywhere
        1. User activities
      2. Understanding reconnaissance
        1. Practical examples of reconnaissance
      3. Real-world examples
  19. Ask the Experts – Part 2
    1. Paula Januszkiewicz
      1. Twisted perception of a hacker and due diligence
    2. Şükrü Durmaz and Raif Sarıca
      1. Real-world examples
        1. Operation Game of Thrones
        2. Operation Gone with the Wind
        3. Operation Scam the Scammer
        4. Operation Mobile Phone Fraud
        5. Operation Chameleon
        6. Operation Lightspeed
        7. Operation Double Scam
    3. Andy Malone
      1. Social engineering – by Andy Malone
      2. Phishing
      3. Ransomware
      4. Conclusion
    4. Chris Jackson
    5. Daniel Weis
      1. Diffusion of responsibility
      2. Chance for ingratiation
      3. Trust relationships
      4. Moral duty
      5. Guilt
      6. Identification
      7. Desire to be helpful
      8. Cooperation
      9. Fear
      10. Phishing
  20. Ask the Experts – Part 3
    1. Raymond P.L. Comvalius
      1. Raymond on the future of pretexting
    2. George Dobrea
    3. Dr. Mitko Bogdansoki
      1. Securing the weakest link in the cyber security chain against social engineering attacks
      2. Introduction
        1. Social engineering definition
        2. Social engineering attacks life cycle
        3. Taxonomy of the social engineering attacks
          1. Phishing
          2. Dumpster diving
          3. Shoulder surfing
          4. Advanced Persistent Threat (APT)
          5. Reverse social engineering
          6. Baiting
          7. Waterholing
          8. Tailgating
          9. Trojan horses
          10. Surfing online content
          11. Role-playing
          12. Pretexting
          13. Spear phishing
          14. Quid pro quo
          15. Vishing
        4. Real-world examples of social engineering attacks
      3. Staying safe from social engineering attacks
        1. References
    4. Ozan Ucar and Orhan Sari
      1. Ask the expert–tips to prevent social engineering (SE) and personal real-life experiences of SE
      2. Keepnet Phishing Simulator is an excellent tool for fighting against phishing attacks
        1. Template management
        2. Edit button
        3. Adding a new template
      3. Report manager
      4. Phishing incident responder
    5. Sami Lahio
  21. Ask the Experts – Part 4
    1. Oguzhan Filizlibay
      1. The aftermath – what follows a social engineering attack?
    2. Yalkin Demirkaya
      1. Unauthorized Email access by CIO
        1. Case study 1 – sample incident response report
          1. Background
          2. Incident response
          3. Malware Analysis
          4. Overview
          5. Persistence mechanism
          6. Execution of Malware
          7. Configuration
          8. Conclusion
          9. Data exfiltration analysis
          10. Summary and findings
      2. Unauthorized email access by CIO
        1. Case study 2 – employee misconduct
          1. Background
          2. Challenge
          3. Response
          4. Results
      3. Case study 3 – theft of intellectual property
        1. FORTUNE 100 company cleared of wrongdoing
          1. Background
          2. Challenge
          3. Response
          4. Results
      4. Case study 4 – Litigation support
        1. Bankruptcy fraud
          1. Background
          2. Challenge
          3. Response
          4. Results
    3. Leyla Aliyeva
      1. Cybercriminal cases like a chain
        1. Phishing for bank customers
        2. Crime in the victim's room
        3. A phone call and the loss of thousands of dollars
        4. Why do we become victims?
    4. Aryeh Goretsky
      1. Social engineering – from typewriter to PC
      2. That was then – social engineering with postal mail
      3. 30 years of criminal evolution
      4. This is now – Business Email Compromise (BEC)
      5. Defending against BEC
      6. References/Further reading
      7. About the author
    5. Dr. Islam, MD Rafiqul, and Dr. Erdal Ozkaya
      1. Privacy issues in social media
      2. Abstract
      3. Introduction
        1. Background information
        2. Motivation for the study
        3. Research questions
      4. Literature review
        1. Privacy issues in social media
        2. Evaluating social media privacy settings for personal and advertising purposes
      5. The privacy issues on different social media platforms
      6. Research Methods
        1. Research method
        2. Data collection
        3. Data analysis
      7. Conclusion
      8. References
  22. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think