Nowadays, Social Engineering techniques are used more and more. Although, we are used to place expensive technical devices between attackers and the sensible corporate infrastructure, attackers manage to get the information they want (e.g. emails, passwords, financial data, …). The reason is obvious: The human being simply remains the weakest link of your security chain. All this technical stuff is worthless if your employees aren’t properly instructed on how to act if potential attackers call by phone and ask for information.
Kevin manages to show the reader how social engineers operate. By telling many short stories on security incidents, the reader is made aware of the dangers caused by social engineers. The social engineer usually remains invisible. His tool of choice is the phone. Whatever he can do by phone is done by phone. It’s not worth marking presence by visiting a company and take the risk of getting caught. The social engineer is an expert in manipulating your decision making.
The stories demonstrate, how social engineer attacks could happen in realistic scenarios. The last chapters of the book give practival advice on how to protect against social engineering attacks. One crucial point is: Train your staff! Really! Remember: They are your weakest link. You don’t believe that? Read the book…
I can recommend the book for people who aren’t familiar with Social Engineering. As mentioned, it makes the reader aware of the danger caused by social engineers. On the other hand, I would not really recommend the book to social engineering experts, because there is nothing really new to learn. But if you have some spare time, why not read it for pleasure 🙂 Anyway, a good and not too long read.