I suppose your security is your success, and your key to success is your fine palate.

—GORDON RAMSAY

I still vividly remember sitting in front of my computer screen as I started to pen the first paragraph of Social Engineering: The Art of Human Hacking. It was way back in 2010. I am half tempted to tell you we had to write books uphill both ways back then, using a typewriter, but I don't want to get too dramatic.

In that time, when you searched the Internet for “social engineering,” you got a few pages on social engineering legend Kevin Mitnick and some videos on how to pick up girls or get free burgers from McDonald's. Fast-forward eight years, and now the term social engineering is used almost as a household term. In the past three or four years, I have seen social engineering in security, government, education, psychology, military, and every other application you can imagine.

This transition begs the question of why. One colleague told me, “It's your fault, Chris.” I think he meant it as an insult, although I felt a tinge of pride at that statement. However, I don't feel that I'm solely responsible for the near ubiquity of the term social engineering (SE). I believe that we see it being used by everyone and their brother now because it is not only the easiest attack vector—as it was seven years ago—but because it's now also meriting the largest payloads for attackers.

The cost to set up an SE attack is low. ...