October 2003
Beginner
368 pages
9h 7m
English
book
The Art of Deception: Controlling the Human Element of Security
by Kevin D. Mitnick, William L. Simon, Steve Wozniak
Content preview from The Art of Deception: Controlling the Human Element of SecurityBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Chapter 13. Clever Cons
by now you've figured out that when a stranger calls with a request for sensitive information or something that could be of value to an attacker, the person receiving the call must be trained to get the caller's phone number, and call back to verify that the person is really who he claims to be—a company employee, or an employee of a business partner, or a technical support representative from one of your vendors, for example.
Even when a company has an established procedure that the employees follow carefully for verifying callers, sophisticated attackers are still able to use a number of tricks to deceive their victims into believing they are who they claim to be. Even security conscious employees can be duped by methods such as the following.
THE MISLEADING CALLER ID
Anyone who has ever received a call on a cell phone has observed the feature known as caller ID—that familiar display showing the telephone number of the caller. In a business setting, it offers the advantage of allowing a worker to tell at a glance whether the call coming in is from a fellow employee or from outside the company.
Many years ago some ambitious phone phreakers introduced themselves to the wonders of caller ID before the phone company was even allowed to offer the service to the public. They had a great time freaking people out by answering the phone and greeting the caller by name before they said a word.
Just when you thought it was safe, the practiceof verifying identity by trusting ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.