Table of Contents
Chapter 1. An Introduction to Social Engineering
Chapter 2. The Weak Link in the Business Security Chain
Why personnel are the weakest link
Chapter 3. The Techniques of Manipulation
Chapter 4. Short and Long Game Attack Strategies
Chapter 5. The Social Engineering Engagement
The business need for social engineering
Social engineering operational considerations and challenges
Challenges for the social engineers
Social engineering team members and skill sets
Chapter 6. Ensuring Value Through Effective Threat Modeling
Why the need for threat modeling?
Who would want to gain access to my business?
Chapter 7. Creating Targeted Scenarios
Chapter 8. Leveraging Open-Source Intelligence
Chapter 9. The E-mail Attack Vector
An introduction to phishing attacks
Spear phishing versus trawling
American Express—drive-by-download
Dr. Atanasoff Gavin—advance fee fraud
Apple ID scam—credential harvesting
Nobody falls for this one. Nobody. Ever.
Impersonating the absent staff member
Creating plausible e-mail scenarios
Defending against phishing attacks
Spoofed e-mails versus fake domain names
Does this approach really work?
Using cloned web sites to harvest credentials
Is all of this really social engineering?
Chapter 10. The Telephone Attack Vector
Is the contact database up to date?
How to figure out if your caller ID shows up
Please contact Sarah in my absence
Obtaining key information and access
Chapter 11. The Physical Attack Vector
Building on the e-mail and telephone attacks
Chapter 12. Supporting an Attack with Technology
Chapter 13. Writing the Report
Chapter 14. Creating Hardened Policies and Procedures
Social engineering defense: a proactive approach
Industry information security and cyber security standards
Developing fit for purpose social engineering policies and procedures
Chapter 15. Staff Awareness and Training Programs
A model for effective training
Chapter 16. Internal Social Engineering Assessments
Chapter 17. Social Engineering Assessment Cheat Sheet