- Social Engineering (Pretexting, Phishing, Reverse Social Engineering)
- To Err is Human
Ian Mann, in his book ‘Hacking the Human: Social Engineering Techniques and Security Countermeasures‘, circumscribes Social Engineering as being the technique
‘to manipulate people by deception into giving out information or performing an action‘.
The most notorious social engineer, once a convicted criminal as the most wanted computer hacker in the US and now a computer security consultant, is Kevin Mitnick, posing in his Wiki page with a T-shirt declaring ‘I’m not a Hacker, I’m a Security Professional’.
His autobiography has shed much light on the artful techniques used by social engineers –and not only— in order to trick everyday people to follow the hacker’s will. Mitnick’s books are the following:
- The Art of Deception
- The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers
- Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
Johnny Long, security expert known for his creation of Google Hacking Database, a.k.a. “j0hnny” or “j0hnnyhax”, is the founder of Hackers for Charity, a non-profit organization –inter alia— donating computer equipment to underdeveloped countries. Long, in one of his books, ‘No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing‘ analyzes certain ways used by social engineers to achieve their goals.
Generally, the main technique is Pretexting, defined by Christopher Hadnagy, as
‘the act of creating an invented scenario to persuade a targeted victim to release information or perform some action. It is more than just creating a lie; in some cases it can be creating a whole new identity.’