book

The Art of Deception: Controlling the Human Element of Security

Name: The Art of Deception: Controlling the Human Element of Security
ISBN: 9780764542800

by Kevin D. Mitnick, William L. Simon, Steve Wozniak

October 2003

Beginner

368 pages

9h 7m

English

Wiley

Read now

Unlock full access

Copyright
Social Engineering
foreword
preface
STARTING OUTFrom Phone Phreak to HackerBecoming a Social EngineerFINAL THOUGHTS
introduction
1. behind the scenes
1. Security's Weakest Link
1.1. THE HUMAN FACTOR1.2. A CLASSIC CASE OF DECEPTION1.3. THE NATURE OF THE THREAT1.4. ABUSE OF TRUST1.5. TERRORISTS AND DECEPTION1.6. ABOUT THIS BOOK
2. the art of the attacker
2. When Innocuous Information Isn't
2.1. THE HIDDEN VALUE OF INFORMATION2.2. CREDITCHEX2.3. THE ENGINEER TRAP2.4. MORE "WORTHLESS" INFO2.5. PREVENTING THE CON
3. The Direct Attack: Just Asking for It
3.1. AN MLAC QUICKIE3.2. YOUNG MAN ON THE RUN3.3. ON THE DOORSTEP3.4. GAS ATTACK3.5. PREVENTING THE CON

4. Building Trust
4.1. TRUST: THE KEY TO DECEPTION4.2. VARIATION ON A THEME: CARD CAPTURE4.3. THE ONE-CENT CELL PHONE4.4. HACKING INTO THE FEDS4.5. PREVENTING THE CON
5. "Let Me Help You"
5.1. THE NETWORK OUTAGE5.2. A LITTLE HELP FOR THE NEW GAL5.3. NOT AS SAFE AS YOU THINK5.4. PREVENTING THE CON
6. "Can You Help Me?"
6.1. THE OUT-OF-TOWNER6.2. SPEAKEASY SECURITY6.3. THE CARELESS COMPUTER MANAGER6.4. PREVENTING THE CON
7. Phony Sites and Dangerous Attachments
7.1. "WOULDN'T YOU LIKE A FREE (BLANK)?"7.2. MESSAGE FROM A FRIEND7.3. VARIATIONS ON A THEME7.4. VARIATIONS ON THE VARIATION
8. Using Sympathy, Guilt, and Intimidation
8.1. A VISIT TO THE STUDIO8.2. "DO IT NOW"8.3. "MR. BIGG WANTS THIS"8.4. WHAT THE SOCIAL SECURITY ADMINISTRATION KNOWS ABOUT YOU8.5. ONE SIMPLE CALL8.6. THE POLICE RAID8.7. TURNING THE TABLES8.8. PREVENTING THE CON
9. The Reverse Sting
9.1. THE ART OF FRIENDLY PERSUASION9.2. COPS AS DUPES9.3. PREVENTING THE CON
3. intruder alert
10. Entering the Premises
10.1. THE EMBARRASSED SECURITY GUARD10.2. DUMPSTER DIVING10.3. THE HUMILIATED BOSS10.4. THE PROMOTION SEEKER10.5. SNOOPING ON KEVIN10.6. PREVENTING THE CON
11. Combining Technology and Social Engineering
11.1. HACKING BEHIND BARS11.2. THE SPEEDY DOWNLOAD11.3. EASY MONEY11.4. THE DICTIONARY AS AN ATTACK TOOL11.5. PREVENTING THE CON
12. Attacks on the Entry-Level Employee
12.1. THE HELPFUL SECURITY GUARD12.2. THE EMERGENCY PATCH12.3. THE NEW GIRL12.4. PREVENTING THE CON
13. Clever Cons
13.1. THE MISLEADING CALLER ID13.2. VARIATION: THE PRESIDENT OF THE UNITED STATES IS CALLING13.3. THE INVISIBLE EMPLOYEE13.4. THE HELPFUL SECRETARY13.5. TRAFFIC COURT13.6. SAMANTHA'S REVENGE13.7. PREVENTING THE CON
14. Industrial Espionage
14.1. VARIATION ON A SCHEME14.2. THE NEW BUSINESS PARTNER14.3. LEAPFROG14.4. PREVENTING THE CON
4. raising the bar
15. Information Security Awareness and Training
15.1. SECURITY THROUGH TECHNOLOGY, TRAINING, AND PROCEDURES15.2. UNDERSTANDING HOW ATTACKERS TAKE ADVANTAGE OF HUMAN NATURE15.3. CREATING TRAINING AND AWARENESS PROGRAMS15.4. TESTING15.5. ONGOING AWARENESS15.6. WHAT'S IN IT FOR ME?
16. Recommended Corporate Information Security Policies
16.1. WHAT IS A SECURITY POLICY?16.2. DATA CLASSIFICATION16.3. VERIFICATION AND AUTHORIZATION PROCEDURES16.4. MANAGEMENT POLICIES16.5. INFORMATION TECHNOLOGY POLICIES16.6. POLICIES FOR ALL EMPLOYEES16.7. POLICIES FOR TELECOMMUTERS16.8. POLICIES FOR HUMAN RESOURCES16.9. POLICIES FOR PHYSICAL SECURITY16.10. POLICIES FOR RECEPTIONISTS16.11. POLICIES FOR THE INCIDENT REPORTING GROUP
Security at a Glance
IDENTIFYING A SECURITY ATTACKVERIFICATION AND DATA CLASSIFICATION
sources
CHAPTER 1CHAPTER 2CHAPTER 16CHAPTER 17
Acknowledgments
FROM KEVIN MITNICKFROM BILL SIMON

Content preview from The Art of Deception: Controlling the Human Element of Security

Chapter 7. Phony Sites and Dangerous Attachments

there's an old saying that you never get something for nothing. Still, the ploy of offering something for free continues to be a big draw for both legitimate ("But wait—there's more! Call right now and we'll throw in a set of knives and a popcorn popper!") and not-so-legitimate ("Buy one acre of swampland in Florida and get a second acre free!") businesses.

And most of us are so eager to get something free that we may be distracted from thinking clearly about the offer or the promise being made. We know the familiar warning, "buyer beware," but it's time to heed another warning: Beware of come-on email attachments and free software. The savvy attacker will use nearly any means to break into the corporate network, including appealing to our natural desire to get a free gift. Here are a few examples.

"WOULDN'T YOU LIKE A FREE (BLANK)?"

Just as viruses have been a curse to mankind and medical practitioners since the beginning of time, so the aptly named computer virus represents a similar curse to users of technology. The computer viruses that get most of the attention and end up in the spotlight, not coincidentally, do the most damage. These are the product of computer vandals.

Computer nerds turned malicious, computer vandals strive to show off how clever they are. Sometimes their acts are like a rite of initiation, meant to impress older and more experienced hackers. These people are motivated to create a worm or virus intended to inflict ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780764542800Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

The Art of Deception: Controlling the Human Element of Security

by Kevin D. Mitnick, William L. Simon, Steve Wozniak

Chapter 7. Phony Sites and Dangerous Attachments

"WOULDN'T YOU LIKE A FREE (BLANK)?"

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.