May 05 2024

68% Of Data Breaches Occur Due To Social Engineering Attacks

Category: social engineering | disc7 @ 9:40 am

The latest edition of Verizon’s Data Breach Investigations Report (DBIR) for 2024 highlights a concerning trend: a significant 68% of data breaches are now occurring due to social engineering attacks.

This revelation underscores the increasing sophistication and prevalence of these tactics in the cyber threat landscape.

Social engineering exploits the human factor, manipulating individuals into breaking normal security procedures.

The DBIR’s findings suggest that despite advancements in technology, human vulnerabilities remain a critical weak point.

The report indicates that phishing, pretexting, and other forms of social engineering are not only prevalent but are also becoming more sophisticated.

Breakdown of breaches by attack type

Verizon’s 2024 DBIR has revised its methodology to provide clearer insights into breaches involving the human element.

It excludes cases of malicious privilege misuse to focus on incidents that could potentially be mitigated through improved security awareness and training.

The Role Of Ransomware And Extortion

The report also sheds light on the role of ransomware and extortion in the cybersecurity threat landscape.

Approximately one-third of all breaches involved these tactics, with pure extortion attacks marking a significant rise over the past year.

This shift indicates a strategic evolution among cybercriminals, who are increasingly leveraging ransomware and extortion to capitalize on their attacks.

Breakdown of breaches by attack type.

The combination of ransomware and other forms of extortion has been particularly impactful, affecting 32% of breaches and being a top threat across 92% of industries surveyed.

This highlights the critical need for organizations to enhance their defensive strategies against these forms of cyberattacks.

Third-Party Vulnerabilities And Preventive Measures

An expanded concept of breaches involving third-party entities was introduced in this year’s report.

This includes incidents where partner infrastructure is compromised or where indirect software supply chain issues occur.

The report notes a 68% increase in such breaches, primarily fueled by zero-day exploits used in ransomware and extortion attacks.

68% increase in such breaches

This finding emphasizes the importance of diligent vendor selection and the need for organizations to prioritize security in their supply chains.

By choosing partners with robust security measures, companies can significantly mitigate the risk of being compromised through third-party vulnerabilities.

Verizon’s 2024 DBIR provides a stark reminder of the persistent and evolving threats in the digital world.

With a significant portion of breaches attributable to social engineering, the human element continues to be a critical battleground in cybersecurity.

Organizations must prioritize comprehensive security training and robust protocols to safeguard against these insidious attacks.

Meanwhile, the rise of ransomware and extortion, along with the vulnerabilities in third-party partnerships, calls for an urgent reassessment of current security strategies and vendor management practices.

Social Engineering: The Science of Human Hacking


Tags: Social Engineering Attacks, Social Engineering: The Science of Human Hacking


Apr 08 2024

Social Engineering Attacks Targeting IT Help Desks in the Health Sector

Category: Cyber Attack, social engineering | disc7 @ 5:17 pm

Cyberwarfare & Social Engineering


Tags: cyberwarfare, social engineering


Feb 20 2023

Social engineering, deception becomes increasingly sophisticated

Category: social engineering | DISC @ 12:06 pm

Social engineering techniques are becoming increasingly sophisticated and are exploiting multiple emerging means, such as deep fakes.

The growing use of videoconferencing platforms and the various forms of remote work adopted after the COVID emergency make interpersonal collaboration increasingly virtual. This scenario must force organizations to prepare adequately to recognize impersonation attempts based on social engineering, attacks that are proving increasingly sophisticated thanks to the rapid advancement of deepfake technology.

Deepfake technology: what is it?

The word deepfake, a combination of the terms “deep learning” and “fake,” refers to digital audio/video content created with artificial intelligence (AI) that could allow someone to impersonate an individual’s likeness and voice during a video conversation. This is done through deep learning methods such as the Generative Adversarial Network (GAN), a family of neural network models for machine learning designed to teach computers to process information by emulating the human brain.


Deepfake and phishing

The accessibility and effectiveness of deepfake technology have led cybercrime to use it for sophisticated social engineering attacks for the purpose of extortion, fraud, or to cause reputational damage. Consider the impact of a voice phishing attack that replicates the voices of a company’s stakeholders to persuade employees to take a series of actions that could harm security and privacy, or the effectiveness of a phone call with simulated voices for the purpose of convincing an employee to send funds to an offshore bank account.

Aggravating factors

Further aggravating the situation is the availability of both deepfake tools, offered as a service on clandestine web forums, which make it easier and cheaper for criminal actors with limited technical skills to set up these fraud schemes, and the large number of images and videos posted by users on social media platforms, which deep learning algorithms can process to generate deepfake content.

Mitigation

Although there is still no simple and reliable way to detect deepfakes, some best practices can be adopted:

  • Add additional security and protection processes. Secondary verification methods, such as a dual approval process for financial transactions, correspondence monitoring, and 2FA, should always be considered an indispensable preventive measure.
  • Use artificial intelligence itself to recognize deepfakes. An AI system might be able to recognize whether audio/video content has been manipulated by quickly comparing it with known original reference samples, or by converting an audio track to text to recognize possible fraud and decide whether or not to approve a payment transaction.
  • Integrate the concept of deepfakes into the risk assessment process and into planning for possible crisis scenarios.

Outlook

Although technology will continue to evolve and it will become increasingly difficult to detect deepfakes, detection technologies will fortunately improve as well. But the task for insiders wanting to better protect themselves and their organizations from a variety of cyberattacks will be not only to keep abreast of evolving counter-techniques and implement them in a timely manner, but also, and most importantly, to raise awareness within their organizations by training employees of all ranks.
The human factor must always be considered the first bastion of defense, even and especially against the most sophisticated cyber attacks.

About the author: Salvatore Lombardo

An electronics engineer and Clusit member who embraces the principle of conscious education, he has been writing for several online magazines on information security for some time. He is also the author of the book “La Gestione della Cyber Security nella Pubblica Amministrazione”. “Education improves awareness” is his slogan.

Twitter @Slvlombardo


Tags: deception, social engineering


Feb 09 2023

What is Social Engineering? How Does it Work?

Category: social engineering | DISC @ 12:09 am

Social engineering is a technique used by cybercriminals who exploit human weaknesses. It covers various techniques, all of which involve the manipulation of human psychology.

Threat actors rely especially on social engineering to easily obtain sensitive information from victims. A social engineering attack depends on building trust with the victim so that they never suspect anything when giving out personal information such as phone numbers, passwords, or social security numbers.

This technique has proved to be the most successful when it comes to hacking into an organization’s network. Hackers can disguise themselves as an IT auditor or an external network administrator and easily gain access to a building without arousing suspicion. Once inside an organization, they use various other social engineering techniques to compromise its network.

One of the greatest weaknesses an organization can have is a lack of information security knowledge among its employees. This lack of cybersecurity knowledge gives hackers a great advantage in carrying out attacks that cause data breaches in the organization.


Social Engineering Attack Types

There are many social engineering attacks that threat actors can use. Some of them are:

1. Phishing
2. Vishing
3. Spoofing
4. Tailgating
5. Quid pro quo
6. Baiting

1. Phishing

Phishing is the simplest and most effective attack a hacker can use to steal credentials such as usernames, passwords, social security numbers, organization secrets, or credit card details. Sometimes phishing is also used to spread malware inside a network. In general, phishing involves social engineering as well as spoofing.

2. Vishing

Vishing is similar to phishing but involves calling the victim and pretending to be a legitimate caller. Once the victim believes the caller without suspicion, it is easy for the hacker to obtain sensitive information such as the network structure, employee details, or company account details.

3. Spoofing

Spoofing is a type of attack where “what we see looks like the real thing, but it is not”. In terms of cyber security, spoofing is simply disguising oneself as a legitimate source in order to obtain sensitive information or gain access to something. By spoofing, an attacker can trick us into believing that he is from the original source.

4. Tailgating

Tailgating, or piggybacking, is a technique threat actors use to enter an organization’s building. The threat actor waits for an employee or another person to enter a place where access for outsiders is restricted, and follows them inside once they use their access card or key to open the door.

5. Quid pro quo

Quid pro quo is Latin for “a favor for a favor”. In this case, the hacker communicates with an employee of a company and offers them a deal: either money in exchange for information, or anything else the employee might wish for.

In most cases, money is the main motive. Hackers contact a current employee or an ex-employee and ask them to give away sensitive information such as administrator privileges, an administrator password, the network structure, or any other data they require, in exchange for whatever the employee wishes.

Hackers convince employees to give away the information by making a personal deal with them. This is considered one of the most serious threats to an organization because the information is given away intentionally by an employee.

6. Baiting

As the word suggests, hackers create baits such as USB flash drives, CD-ROMs, floppy disks or card readers.

They create folders on the devices with names such as “Projects” or “Revised Payrolls” of the organization and drop them in places (elevators, restrooms, cafeterias or parking lots) where employees are likely to pick them up.

Once an employee picks up the USB drive and inserts it into their computer, the script on the device runs and gives the hackers full control. This method of social engineering is called baiting.


Tags: Baiting, phishing, Quid pro quo, spoofing, tailgating, vishing


Dec 05 2022

THE EMOTIONS OF A Social Engineering Attack

Category: social engineering | DISC @ 11:04 am

Tags: Social Engineering Attack


Nov 14 2022

Social engineering attacks anybody could fall victim to

Category: social engineering | DISC @ 3:05 pm

Social engineering – also known as human hacking – is an expression that encompasses a number of methods and vectors attackers use to manipulate targets into giving away or providing access to sensitive information, or generally performing actions that are against their best interest.

To effectively perform social engineering attacks, attackers exploit vulnerabilities in how humans react to specific situations.

The most important thing to keep in mind is that the overwhelming majority of humans have exploitable traits (to a lesser or higher degree), which means that anybody and everybody can be manipulated by social engineers.

This Help Net Security video talks about what social engineering is, how it can be performed, and how you can fight against it.

If you’re interested in more information about how you can protect your organization, watch our recently published video, 3 ways enterprises can mitigate social engineering risks.

Social Engineering, Second Edition: The Science of Human Hacking

Tags: social engineering


Feb 21 2022

BEC scammers impersonate CEOs on virtual meeting platforms

The FBI warned that US organizations and individuals are being increasingly targeted in BEC attacks on virtual meeting platforms.

The Federal Bureau of Investigation (FBI) warned this week that US organizations and individuals are being increasingly targeted in BEC (business email compromise) attacks on virtual meeting platforms.

Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both entities and individuals who perform legitimate transfer-of-funds requests.

Cybercriminals target organizations of any size as well as individuals; in BEC attack scenarios, attackers pose as someone the targets trust, such as business partners, the CEO, executives, or service providers.

Scammers compromise legitimate business or personal email accounts through different means, such as social engineering or computer intrusion, to conduct unauthorized transfers of funds.

Crooks started using virtual meeting platforms due to the popularity they have reached during the pandemic.

The Public Service Announcement published by the FBI warns of a new technique adopted by scammers, who use virtual meeting platforms to instruct victims to send unauthorized transfers of funds to fraudulent accounts.

“Between 2019 through 2021, the FBI IC3 has received an increase of BEC complaints involving the use of virtual meeting platforms to instruct victims to send unauthorized transfers of funds to fraudulent accounts. A virtual meeting platform can be defined as a type of collaboration technique used by individuals around the world to share information via audio, video conferencing, screen sharing and webinars.” reads the FBI’s PSA.

Crooks are using the virtual meeting platforms for different purposes, including impersonating CEOs in virtual meetings and infiltrating meetings to steal sensitive and business information.

Below are some of the examples provided by the FBI regarding the use of virtual meeting platforms by crooks:

  • Compromising an employer or financial director’s email, such as a CEO or CFO, and requesting employees to participate in a virtual meeting platform where the criminal will insert a still picture of the CEO with no audio, or “deep fake” audio, and claim their video/audio is not properly working. They then proceed to instruct employees to initiate transfers of funds via the virtual meeting platform chat or in a follow-up email.
  • Compromising employee emails to insert themselves in workplace meetings via virtual meeting platforms to collect information on a business’s day-to-day operations.
  • Compromising an employer’s email, such as the CEO, and sending spoofed emails to employees instructing them to initiate transfers of funds, as the CEO claims to be occupied in a virtual meeting and unable to initiate a transfer of funds via their own computer.

Below are recommendations provided by the FBI:

  • Confirm the use of outside virtual meeting platforms not normally utilized in your internal office setting.
  • Use secondary channels or two-factor authentication to verify requests for changes in account information.
  • Ensure the URL in emails is associated with the business/individual it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Refrain from supplying login credentials or PII of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.
  • Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed.
  • Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.
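A defender-side check for three of the recommendations above (verify the sender address, make sure link hosts belong to the business an email claims to be from, and watch for misspelled domain names), as an added example that is not part of the original post or of the FBI’s guidance. The trusted domain examplecorp.com, the homoglyph table and the sample messages are constructed.

```python
"""Lookalike-domain and sender-mismatch checks for inbound email.

Constructed example: flags a From: address or link host that is a
near-miss of a trusted domain, and a display name that claims a
trusted organization while the address behind it is not ours.
"""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Digits and letter pairs commonly used to build lookalike domains (constructed table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
MULTI_CHAR = (("rn", "m"), ("vv", "w"), ("cl", "d"))  # two characters that read as one

def normalize(domain: str) -> str:
    """Map a domain to a visually equivalent form so 'rnicros0ft.com' ~ 'microsoft.com'."""
    d = domain.lower().translate(HOMOGLYPHS)
    for pair, rep in MULTI_CHAR:
        d = d.replace(pair, rep)
    return d

def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), row-by-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    """Crude 'last two labels' approximation of the registrable domain (no public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify_domain(domain: str, trusted: set) -> str:
    """'trusted', 'lookalike' (homoglyph match or within 2 edits of a trusted domain) or 'unknown'.
    The edit-distance threshold is a tuning choice; it is too loose for very short trusted domains."""
    if domain in trusted:
        return "trusted"
    for t in trusted:
        if normalize(domain) == normalize(t) or levenshtein(domain, t) <= 2:
            return "lookalike"
    return "unknown"

def check_message(from_header: str, body: str, trusted: set) -> list:
    """Return human-readable findings for one message; an empty list means nothing was flagged."""
    findings = []
    display, addr = parseaddr(from_header)
    sender_domain = registrable(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    verdict = classify_domain(sender_domain, trusted)
    if verdict == "lookalike":
        findings.append(f"sender domain {sender_domain!r} looks like a trusted domain")
    # Display name claims a trusted brand but the actual address is not one of ours.
    for t in trusted:
        brand = t.split(".")[0]
        if brand in display.lower() and verdict != "trusted":
            findings.append(f"display name {display!r} claims {t!r} but address is {addr!r}")
    # Hyperlinks: a host that is a near-miss of a trusted domain is the classic misspelling lure;
    # a genuinely trusted sender pointing at an unrelated host is also worth a look.
    for url in re.findall(r"https?://[^\s<>]+", body):
        host = registrable(urlparse(url).hostname or "")
        host_verdict = classify_domain(host, trusted)
        if host_verdict == "lookalike":
            findings.append(f"link host {host!r} is a misspelling of a trusted domain")
        elif host_verdict == "unknown" and verdict == "trusted":
            findings.append(f"trusted sender links to unrelated host {host!r}")
    return findings

TRUSTED = {"examplecorp.com"}  # constructed: the organization's own domain

SAMPLES = {  # constructed messages, not real traffic
    "legit": ("Finance <finance@examplecorp.com>",
              "Invoice attached, see https://portal.examplecorp.com/inv/42"),
    "lookalike": ("ExampleCorp CEO <ceo@examp1ecorp.com>",
                  "I'm stuck in a meeting, wire the funds now: https://examp1ecorp.com/pay"),
    "freemail": ("ExampleCorp CEO <examplecorp.ceo@webmail.example>",
                 "Call me on this number instead, my video is not working"),
}

def run_samples() -> dict:
    """Run every constructed sample through check_message and return the findings per sample."""
    return {name: check_message(frm, body, TRUSTED) for name, (frm, body) in SAMPLES.items()}

if __name__ == "__main__":
    for name, found in run_samples().items():
        print(f"{name}: {found or 'no findings'}")
```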

Tags: CEO, scammers impersonate


Feb 02 2022

Massive social engineering waves have impacted banks in several countries

Category: social engineering | DISC @ 9:39 am

A massive social engineering campaign targeting banks has been delivered in the last two years in several countries.

A massive social engineering campaign has been delivered in the last two years in several countries, including Portugal, Spain, Brazil, Mexico, Chile, the UK, and France. According to Segurança Informática publication, the malicious waves have impacted banking organizations with the goal of stealing the users’ secrets, accessing the home banking portals, and also controlling all the operations on the fly via Command and Control (C2) servers geolocated in Brazil.

In short, criminal groups are targeting victims in different countries to collect their home banking secrets and payment cards. The campaigns are carried out using social engineering schemes, namely smishing and spear-phishing through fake emails.

Criminals obtain lists of valid and tested phone numbers and emails from other malicious groups, and the process is performed on underground forums, Telegram channels or Discord chats.


The spear-phishing campaigns try to lure victims with fake emails that impersonate the banking institutions. The emails are extremely similar to the originals except for their content, which mainly relates to debts or missed payments.

According to the analysis, the malicious campaign consists of a redirector system, capable of performing an initial screening to verify that the users’ requests are valid and expected. The system is equipped with a blacklisting mechanism and a logging feature that notifies criminals of new infections.

When the victim matches all the rules, several pathways are possible, with different landing-pages. Some of them only collect raw data, including the homebanking credentials, SMS tokens and bank codes. On the other hand, a well-structured C2 server can be used to orchestrate all the processes in real-time, simulating a flow extremely similar to the legitimate service.

As phishing and malware campaigns make headlines every day, monitoring these types of behaviors and IoCs is crucial to fighting this emerging segment, which has grown in both volume and sophistication.

Additional details about the investigation can be found here:

Social Engineering: The Science of Human Hacking

Tags: social engineering, Social Engineering: The Science of Human Hacking


Dec 08 2021

22 Red Flags of Social Engineering

Category: social engineering | DISC @ 12:19 pm

Kevin Mitnick – Pretexting – “Fake IT” Password Break-In

Breaking into a Bank – Kevin Mitnick demonstrates the Access Card Attack

Best of Kevin Mitnick: My Favorite Hack

The Art of Deception: Controlling the Human Element of Security

Tags: 22 Red Flags of Social Engineering, Kevin Mitnick, The Art of Deception


Aug 30 2021

Men, Executives Pose Higher Cybersecurity Risk

Category: Cyber Threats, Phishing, social engineering | DISC @ 1:12 pm

When it comes to online behaviors, women are far safer than men, according to a wide-ranging survey from SecurityAdvisor.

Despite the fact that women made up 42% of the sample data, they account for 48% of the top safe users and only 26% of risky users. Men, on the other hand, account for 74% of risky users: A big driver of these risky behaviors stems from men’s and women’s online behaviors.

According to SecurityAdvisor’s data, men are more likely to visit dangerous adult websites, use P2P software and watch pirated content than women.

SecurityAdvisor analyzed more than 500,000 malicious emails and an additional 500,000+ dangerous website visits by enterprise employees in more than twenty countries. Employees range from entry-level to executives and operate across many industries, including health care, financial services, communications, professional services, energy and utilities, retail and hospitality.

“Our partner here, Kelley McElhaney from Berkeley University, noted that women are more aware of long-term ramifications of risky behaviors,” SecurityAdvisor CEO Sai Venkataraman said. “Also, society tends to tolerate failures by dominant groups better, hence men don’t fear the consequences or fear consequences less.”

He also pointed out that men, from an early age, are socialized to take risks and win, hence they are less afraid of a potential negative outcome and engage in riskier behaviors.


C-Level Executives are Prime Targets

CYBER SECURITY FOR TOP EXECUTIVES: Everything you need to know about Cybersecurity, by Alejandra Garcia

Tags: Higher Cybersecurity Risk


Jul 06 2021

Reaction to Social Engineering Indicative of Cybersecurity Culture

Category: social engineering | DISC @ 9:23 am

During COVID-19, threat actors used fear of the virus and hope of a vaccine to trick unwitting victims into downloading malware or giving up their credentials. It was a master class in social engineering, one that put an organization’s security posture at risk. Social engineering attacks like phishing take advantage of an employee’s awareness of basic cybersecurity best practices (or lack thereof), and the harder an employee falls for the scams, the greater the skepticism about the entire organization’s cybersecurity culture.

Although no one has come up with an industry standard definition of cybersecurity culture yet, Infosec explains that “a strong cybersecurity culture is based on employees willingly embracing and proactively using security best practices both professionally and personally.” And Infosec developed a framework, and fielded a survey, to help organizations quantify their cybersecurity culture, track changes over time and systematically measure results.

The study polled 1,000 working individuals to examine the collective approach of an organization’s security awareness and behaviors toward cybersecurity. “The results show employee beliefs toward cybersecurity vary widely, which can have a major impact on an organization’s security posture,” said Jack Koziol, CEO and founder at Infosec, in a formal statement.

Quality of Culture Depends on Company Size and Industry

Tags: Cybersecurity Culture


May 22 2021

What is Social Engineering?

Category: social engineering | DISC @ 2:37 pm

Harden the human firewall against the most current threats

Social Engineering: The Science of Human Hacking reveals the craftier side of the hacker’s repertoire―why hack into something when you could just ask for access? Undetectable by firewalls and antivirus software, social engineering relies on human fault to gain access to sensitive spaces; in this book, renowned expert Christopher Hadnagy explains the most commonly-used techniques that fool even the most robust security personnel, and shows you how these techniques have been used in the past. The way that we make decisions as humans affects everything from our emotions to our security. Hackers, since the beginning of time, have figured out ways to exploit that decision making process and get you to take an action not in your best interest. This new Second Edition has been updated with the most current methods used by sharing stories, examples, and scientific study behind how those decisions are exploited.

Networks and systems can be hacked, but they can also be protected; when the “system” in question is a human being, there is no software to fall back on, no hardware upgrade, no code that can lock information down indefinitely. Human nature and emotion are the secret weapons of the malicious social engineer, and this book shows you how to recognize, predict, and prevent this type of manipulation by taking you inside the social engineer’s bag of tricks.

  • Examine the most common social engineering tricks used to gain access
  • Discover which popular techniques generally don’t work in the real world
  • Examine how our understanding of the science behind emotions and decisions can be used by social engineers
  • Learn how social engineering factors into some of the biggest recent headlines
  • Learn how to use these skills as a professional social engineer and secure your company
  • Adopt effective counter-measures to keep hackers at bay

By working from the social engineer’s playbook, you gain the advantage of foresight that can help you protect yourself and others from even their best efforts. Social Engineering gives you the inside information you need to mount an unshakeable defense.


Feb 05 2021

Skype ‘spoofing vulnerabilities’ are a haven for social engineering attacks

Category: Security vulnerabilities, social engineering | DISC @ 12:17 pm

Microsoft doesn’t feel the bugs are important enough to fix immediately, although one researcher disagrees


Several purported security flaws in Skype have been disclosed publicly, but Microsoft claims they do not need “immediate security servicing”.

On February 2, researcher “mr.d0x,” also known as “TheCyberSecurityTutor”, publicly disclosed a “plague” of spoofing vulnerabilities in the Microsoft-owned remote chat and video app.

The researcher first began examining Skype in the second week of January and quickly found that the application’s messaging functionality does not have adequate protection against tampering.

As a result, it is possible to spoof links, file names, file sizes, and shared contacts on thick clients, web sessions, and on mobile.

Content spoofing

According to the researcher, tampering is possible by sending content you want to spoof, intercepting subsequent requests, and forwarding with modified code – such as by modifying href and key attributes, as well as by intercepting spoofed content and changing values such as OriginalName, FileSize, and file extensions.

When it comes to spoofing shared contacts, this can be achieved by sharing a contact, intercepting the request, and modifying either the display name or username which will, in turn, be reflected to the recipient.

The researcher also accidentally uncovered a means to crash a conversation on thick and web clients. If “too many” tags are added to the content value, this will render a chat session unresponsive and “fully inaccessible” for both an attacker and victim.

Source: Skype ‘spoofing vulnerabilities’ are a haven for social engineering attacks, security researcher claims


Jul 16 2020

You CAN Stop Stupid

Category: social engineering | DISC @ 9:49 am

You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions: Winkler Ira, Celaya Brown, Dr. Tracy

The Twitter hack and the company’s “explanation” definitely showed why Ira’s next book with Tracy Celaya Brown is so critical. The fact that an admin was “social engineered” should be expected, with the results controlled.

Source: You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions: Winkler, Ira, Celaya Brown, Dr. Tracy



Twitter: High-profile hacks were part of a ‘Coordinated Social Engineering Attack’
http://www.youtube.com/watch?v=Kp86OAYDw0Y







Tags: social engineering, Twitter Hack


Apr 24 2019

Social Engineering Red Flags

Category: social engineering | DISC @ 10:02 pm

22 Social Engineering Red Flags

We recommend that everyone review the 22 social engineering red flags to watch out for in any email. It might be a good idea to print out this PDF and pass it along to family, friends, and coworkers. Remember to always think before you click!



PDF: https://blog.deurainfosec.com/wp-content/uploads/2019/04/22RedFlags.pdf









May 27 2012

Social Engineering: An essential book and must have competency

Category: social engineering | DISC @ 11:11 pm

Chris Hadnagy runs a website on the topic of social engineering and helped develop the Social Engineering Toolkit (SET). This topic and knowledge apply to every person who keeps sensitive information and every organization that wants to prevent private information leaking into the public domain via people. If you are interested in learning the art of social engineering, this is an outstanding book.

Hadnagy recommends tools for storing the information you obtain during target investigation. He covers Google hacks in this book and cites Johnny Long as a source. He covers pretexting (disguise), or “creating an invented scenario to persuade a target victim to release information or perform some action.” He provides preparation tools for the social engineer for the situation at hand and also warns about legality if you are crossing the line. There is an important section on “Building Instant Rapport” which is essential reading. Hadnagy describes the powers of persuasion used to take over the target and provides eight tactics for influencing people.

“Social Engineering: The Art of Human Hacking”, by Chris Hadnagy, is a must-have book.

Discover the secrets of expert con men and human hackers

No matter how sophisticated your security equipment and procedures may be, their most easily exploitable aspect is, and has always been, the human infrastructure. The skilled, malicious social engineer is a weapon, nearly impossible to defend against.

This book covers, in detail, the world’s first framework for social engineering. It defines, explains, and dissects each principle, then illustrates it with true stories and case studies from masters such as Kevin Mitnick, renowned author of The Art of Deception. You will discover just what it takes to excel as a social engineer. Then you will know your enemy.

  • Tour the dark world of social engineering
  • Learn the psychological principles employed by social engineers and how they’re used
  • Discover persuasion secrets that social engineers know well
  • See how the crafty crook takes advantage of cameras, GPS devices, and caller ID
  • Find out what information is, unbelievably, available online
  • Study real-world social engineering exploits step by step

Get your copy today: Social Engineering: The Art of Human Hacking





Nov 01 2011

CIA Mind Control Operation MK-ULTRA PSYCHOLOGICAL WARFARE

Category: social engineering | DISC @ 10:52 am

“MK-ULTRA” PSYCHOLOGICAL WARFARE

CIA Mind Control Operation MK-ULTRA PSYCHOLOGICAL WARFARE. Mirrored. Documentary: The Most Dangerous Game. Interesting documentary on brainwashing and psychological warfare. CIA.

http://www.youtube.com/watch?v=5ATYYqIrSI8

Psychological Warfare (WWII Era Reprint)

Mind Control: The Ancient Art of Psychological Warfare

Ideas as Weapons: Influence and Perception in Modern Warfare

Psychological Warfare and the New World Order: The Secret War Against the American People





Mar 03 2011

Facebook Account Hack: Spam 80,000 friends

Category: social engineering, Social network | DISC @ 1:05 pm

by Sandy Sidhu

Social media is hot. 140 characters is the way to communicate these days, and it’s not unusual to hear someone say, “I have 3000 friends.”

We often hear about the success stories, but what about the unsuccessful ones?

Take Jonathan Emile, a Montreal-based hip-hop artist, who has made his living building a fan base online and uses Facebook to communicate with his 80,000 fans. Yeah, you read that right: 80,000.

You can imagine his frustration when last week he was unable to log in to his account, leading him to believe his account had been hijacked, likely by a spammer or by a robot software program designed by a spammer. His suspicions were reinforced when he saw that someone had used his name to post a link on his fan page that Emile said appeared to be malicious: either a virus or spam.

Despite contacting Facebook, he still has not been able to access his account.

So what can you learn from this?

• Make sure you have other ways to contact and connect with your fans/customers/subscribers, and so on.
• Use strong passwords and regularly change them.
• Don’t rely on a third-party platform to run the bulk of your business! Facebook and other sites constantly change their privacy policies and access rules, not to mention the fact that they may not always be around (remember MySpace?).

Social networking is a great way to reach a new audience, but you have to make sure that you can still communicate with that audience through other means should anything go wrong. It is a good place to get people to interact with you/your company/brand, but you should also encourage your “fans” to sign up for a newsletter, eBook, and so on, as a way to capture their information and ultimately drive them back to your site, which (hopefully) you own.

Risk management of Facebook: benefits, risks and possible countermeasures





Dec 23 2010

Social Engineering: The Art of Human Hacking

Category: social engineering | DISC @ 11:32 am

“Social engineering” as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick.

Social Engineering: The Art of Human Hacking
Christopher Hadnagy, Author

The first book to reveal and dissect the technical aspect of many social engineering maneuvers. From elicitation, pretexting, influence and manipulation, all aspects of social engineering are picked apart, discussed and explained using real-world examples, personal experience and the science behind them to unravel the mystery of social engineering.

Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.

“Most malware and client-side attacks have a social engineering component to deceive the user into letting the bad guys in. You can patch technical vulnerabilities as they evolve, but there is no patch for stupidity, or rather gullibility. Chris will show you how it’s done by revealing the social engineering vectors used by today’s intruders. His book will help you gain better insight on how to recognize these types of attacks,” said Kevin Mitnick about the book.

Order this book today to learn more about present and emerging social engineering threats to your business: Social Engineering: The Art of Human Hacking

• Examines social engineering, the science of influencing a target to perform a desired task or divulge information
• Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access
• Reveals vital steps for preventing social engineering threats

Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers—now you can do your part by putting to good use the critical information within its pages.

From the Inside Flap
Foreword written by Paul Wilson from The Real Hustle UK.
rpaulwilson.com/