Chapter 10
Social Engineers — How They Work and How to Stop Them
The social engineer employs the same persuasive techniques the rest of us use every day. We take on roles. We try to build credibility. We call in reciprocal obligations. But the social engineer applies these techniques in a manipulative, deceptive, highly unethical manner, often to devastating effect.
— Social Psychologist Dr. Brad Sagarin
 
 
This chapter does something a bit different: We look at the most difficult type of attack to detect and defend against. The social engineer, or the attacker skilled in the art of deception as one of the weapons in his or her toolkit, preys on the best qualities of human nature: our natural tendencies to be helpful, polite, supportive, a team player, and the desire to get the job done.
As with most things in life that threaten us, the first step toward a sensible defense is understanding the methodologies used by cyber-adversaries. So, we present here a set of psychological insights that probe the underpinnings of human behavior that allow the social engineer to be so influential.
First, though, an eye-opening story of a social engineer at work. The following is based on a story we received in writing that is both amusing and a textbook case of social engineering. We thought it so good that we have included it despite some reservations; the man either had accidentally omitted some of the details because he was distracted on other business matters or else he made up portions of ...

From The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers.