Cover -- Title Page -- Copyright -- Contents -- Foreword -- Preface and Acknowledgments -- Chapter 1: A Look into the World of Social Engineering -- Why This Book Is So Valuable -- The Layout -- What's Coming Up -- Overview of Social Engineering -- Social Engineering and Its Place in Society -- The Different Types of Social Engineers -- The Social Engineering Framework and How to Use It -- Summary -- Chapter 2: Information Gathering -- Gathering Information -- Using BasKet -- Using Dradis -- Thinking Like a Social Engineer -- Sources for Information Gathering -- Gathering Information from Websites -- Using the Power of Observation -- Going through the Garbage -- Using Profiling Software -- Communication Modeling -- The Communication Model and Its Roots -- Developing a Communication Model -- The Power of Communication Models -- Chapter 3: Elicitation -- What Is Elicitation? -- The Goals of Elicitation -- Preloading -- Becoming a Successful Elicitor -- Using Intelligent Questions -- Mastering Elicitation -- Summary -- Chapter 4: Pretexting: How to Become Anyone -- What Is Pretexting? -- The Principles and Planning Stages of Pretexting -- The More Research You Do, the Better the Chance of Success -- Involve Personal Interests to Increase Success -- Practice Dialects or Expressions -- Using the Phone Should Not Reduce the Effort for the Social Engineer -- The Simpler the Pretext, the Better the Chance of Success -- The Pretext Should Appear Spontaneous -- Provide a Logical Conclusion or Follow-through for the Target -- Successful Pretexting -- Example 1: Stanley Mark Rifkin -- Example 2: Hewlett-Packard -- Staying Legal -- Additional Pretexting Tools -- Summary -- Chapter 5: Mind Tricks: Psychological Principles Used in Social Engineering -- Modes of Thinking -- The Senses -- The Three Main Modes of Thinking -- Microexpressions -- Anger -- Disgust.

Contempt -- Fear -- Surprise -- Sadness -- Happiness -- Training Yourself to See Microexpressions -- How Social Engineers Use Microexpressions -- Neurolinguistic Programming (NLP) -- The History of Neurolinguistic Programming -- Codes of Neurolinguistic Programming -- How to Use NLP as a Social Engineer -- Interview and Interrogation -- Professional Interrogation Tactics -- Gesturing -- Arm and Hand Placement -- Listening Your Way to Success -- Building Instant Rapport -- Be Genuine about Wanting to Get to Know People -- Take Care with Your Appearance -- Be a Good Listener -- Be Aware of How You Affect People -- Keep the Conversation off Yourself -- Remember That Empathy Is Key to Rapport -- Be Well Rounded in Your General Knowledge -- Develop Your Curious Side -- Find Ways to Meet People's Needs -- Using Other Rapport-Building Techniques -- Testing Rapport -- The Human Buffer Overflow -- Summary -- Chapter 6: Influence: The Power of Persuasion -- The Five Fundamentals of Influence and Persuasion -- Have a Clear Goal in Mind -- Rapport, Rapport, Rapport -- Be in Tune with Yourself and Your Surroundings -- Don't Act Insane-Be Flexible -- Get in Touch with Yourself -- Influence Tactics -- Reciprocation -- Obligation -- Concession -- Scarcity -- Authority -- Commitment and Consistency -- Liking -- Consensus or Social Proof -- Altering Reality: Framing -- Politics -- Using Framing in Everyday Life -- Four Types of Frame Alignment -- Using Framing as a Social Engineer -- Manipulation: Controlling Your Target -- To Recall or Not To Recall -- Anxiety Cured at Last -- You Can't Make Me Buy That! -- Conditioning Targets to Respond Positively -- Manipulation Incentives -- Manipulation in Social Engineering -- Increasing a Target's Suggestibility -- Controlling the Target's Environment -- Forcing the Target to Reevaluate -- Making the Target Feel Powerless.

Dishing Out Nonphysical Punishment -- Intimidating a Target -- Using Positive Manipulation -- Summary -- Chapter 7: The Tools of the Social Engineer -- Physical Tools -- Lock Picks -- Cameras and Recording Devices -- Using a GPS Tracker -- Online Information-Gathering Tools -- Maltego -- SET: Social Engineer Toolkit -- Telephone-Based Tools -- Password Profilers -- Summary -- Chapter 8: Case Studies: Dissecting the Social Engineer -- Mitnick Case Study 1: Hacking the DMV -- The Target -- The Story -- Applying the SE Framework to the DMV Hack -- Mitnick Case Study 2: Hacking the Social Security Administration -- The Target -- The Story -- Applying the SE Framework to the SSA Hack -- Hadnagy Case Study 1: The Overconfident CEO -- The Target -- The Story -- Applying the SE Framework to the Overconfident CEO Hack -- Hadnagy Case Study 2: The Theme Park Scandal -- The Target -- The Story -- Applying the SE Framework to the Theme Park Hack -- Top-Secret Case Study 1: Mission Not Impossible -- The Target -- The Story -- Applying the SE Framework to Top Secret 1 -- Top-Secret Case Study 2: Social Engineering a Hacker -- The Target -- The Story -- Applying the SE Framework to the Top Secret Case Study 2 -- Why Case Studies Are Important -- Summary -- Chapter 9: Prevention and Mitigation -- Learning to Identify Social Engineering Attacks -- Creating a Personal Security Awareness Culture -- Being Aware of the Value of the Information You Are Being Asked For -- Keeping Software Updated -- Developing Scripts -- Learning from Social Engineering Audits -- Understanding What a Social Engineering Audit Is -- Setting Audit Goals -- What Should and Should Not Be Included in an Audit -- Choosing the Best Auditor -- Concluding Remarks -- Social Engineering Isn't Always Negative -- The Importance of Gathering and Organizing Information -- Choose Your Words Carefully.

Have a Good Pretext -- Practice Reading Expressions -- Manipulation and Influence -- Be Alert to Malicious Tactics -- Use Your Fear -- Summary -- Index -- EULA.