Unmasking the Social Engineer: The Human Element of Security

After finished reading the first book: It must have been clear to everyone - Your Company probably don't have any security at all. Social engineering isn't that easy to understand all the time. And as with everything else it takes more time for some to see what it really is to see the problem.For you who haven't seen or heard about Social Engineering I would definitely recommend it. [A quick example of social engineering]Most of the companies are still adding locks and glue to something that that a social engineer doesn't even tries to break through. The IT department is happy after finally securing the entrance to the extremes which have been their focus since forever. The malicious Social engineer in this case didn't. He had already collected the needed information and people the people he had targeted for this didn't realize it and before he left he had a quick coffee and cake while he was talking to the celebrating department then he left the building before the malicious code started to affect all systems.[---------------------------------------------------]While the first book explained how the attacker keep the control in all situations and is successful every time, the second book explains how The human body speaks (really loud and clear) about your thoughts and everything else you didn't say. But it will also teach to you think like the malicious attacker. To avoid some attempts.Knowledge is the only thing that is possible to get somewhere with this growing threat.In the first book Chris brought Social Engineering into words and knowledge in such details which could be explained and understandable and could be passed on to others, which is amazingThis book is the same but with the body language instead. Amazing or genius, the same meaning at this point-The book is helpful in so many ways. To change the behavior for someone who doesn't see the problem you need show the facts and make it visual.Everything is, as in the previous book, is explained on such details and then you practice the skills.And this needs to be adapted by everyone, otherwise the other security that is in place doesn't matters at all.It's educational, very interesting and very useful and so important to read and learnI mean, the only other way is to patch a vulnerability in the human mind

I'm very familiar with the author's passion for Social Engineering and all aspects related to it, due to being an avid listener of the Social Engineering podcast. Of course having enjoyed his previous book, I picked this one up right away… well I couldn’t put it down. The main take away i got from the book was realizing this is not just for social engineers, there are a great many practical aspects of non-verbals that apply to daily life; from being more aware of detecting the emotions of loved ones, to noticing the non-verbal tells of those in your professional life... and of course, learning how to become a better human hacker. The illustrations / photos were great, something you can't get from just a written or verbal description. My only complaint is some items were so interesting, I wish they were gone into with more details. The references to the research and sources were well documented, something many similar books lack. Also, for those new to social engineering / influence there are quite a few reviews of the basics yet done in such a way as to be concise and not bore those already familiar... personally I found those items valuable as a quick refresher. Again, great book and really the only one I know of that concentrate on the of non-verbals as applied to social engineering. This is an essential read for the penetration tester / security professional that goes on engagements with human interaction.

As the author points out several times in the text, the information and research that went into this book isn't new. This doesn't mean that the book doesn't add anything new to the discussion, but simply that a lot of the first half of the book will be review for you if you're already familiar with the research of people like Dr. Paul Ekman and Joseph Navarro. If you haven't already studied body language, nonverbal communication and micro expressions, then this book will be an excellent introduction for you.The second half of the book moves into the domain of social engineering, discussing how to use the methods described earlier to perform penetration tests and spot social engineers and con artists before they're able to do real damage. This part of the book is what makes Christopher Hadnagy's work valuable to people in law enforcement and the Intelligence Community.In the end, Chris's book will leave you hungry for more information and eager to practice the skills that the book discusses. The book also provides you with several excellent resources for those people interested in continuing to learn about social engineering, body language and micro expressions.

The Good:The book covers a wide array of topics including nonverbal communications, decoding body language, deciphering the science behind it all and then how to put it all together. Hadnagy seems to have taken the extra efforts to make sure that everything in the book is grounded in hard science (and it shows). Each chapter is sprinkled with real life examples of the topics with what worked and what failed on that engagement. The information is not just about body language and how to decode it; it is applied directly to the art of social engineering!The Bad:I have read most of the books that were referenced in this book, which made some of the underlining science a bit boring and mostly review. This isn’t really bad; perhaps more of a heads up than anything else.Summary:This book is written in such a way that it’s an easy read from end to end as well as a great reference book on the subject. I would recommend this book to anyone interested in social engineering. This is a must read for anyone starting out to the seasoned pros.

First of all let me say that I've read the first book more than a few times now, listened to the podcast, and read a large number of the books recommended on the soc-eng site. I've also attended the week long course that Chris runs based on this material (tl;dr, its an amazing course, thoroughly recommended).I was looking forward to seeing this come out and had my pre-order in for months before it came out (some life events meant I'm late posting this) and as soon as it came in I put my (then) current book down half read and started on this.It's clear that the book is intended, not as an alternative to the first book but as, more of an introduction to the science behind the techniques of social engineering discussed in the first book; as well as supplemental material such as micro-expressions. As such, it does a good job explaining that Social Engineering is based on sound psychological principles and not just on simplistic cons or jedi mind tricks. The writing style is engaging and discusses the subject along with relevant anecdotes from the authors experience. Given that, and the relatively short length of the book, you can easily zip through it in one or two sittings.Reading some of the reviews of the first book its clear that, as well as a lot of very positive feedback on the value of it, it attracted a number of negative reviews mainly from people who just thought "conning people is bad" (ignoring the context). In tandem with a pervasive view in Infosec that social engineering is somehow an inferior form of hacking, it could be viewed that this book is a direct response to that criticism. This is where I think some people might not see the full value. You can't learn everything there is to learn about such a complex subject as micro-expressions for example in a book this size. What you can do is learn that the subject exists, why it's of value to a social engineer, and where you can go to learn more. It's essentially a gateway to other works on the subjects herein from Dr Ekman, Cialdini, Navarro, Dreeke, etc. If you want to learn "how" read the first book and all the other works referenced. This book is more around a view on "why". Why the techniques work, and why a social engineer might use them in the context of an exercise.Having already read a number of books around this subject I perhaps didn't learn a huge amount of new material, but I enjoyed reading the book nonetheless and I can see the value in reading it; even more so if you are just starting out in the field.

Very disappointing.The link with Social Engineering (SE) was a huge stretch with very little useful, applicable or meaningful SE elements. Essentially this book was a rehash of existing body language material, most noticeably Joe Navarro's stuff.If you're interested in SE then get another book. If you're interested in body language or the work of Dr Ekman........then get another book.

Epic book read this and be scared about what you may be giving away without knowing😨

El libro, contrario a lo que esperaba, va directo al punto de cada tema. Lo pude terminar en 3 días y me ayudo considerablemente a ampliar mi conocimiento sobre ingeniería social. No es pesado ni tedioso, usa muchos ejemplos para ilustrar las ideas que describe. Completamente recomendado, no solo para gente de sistemas o tecnologías, sino para cualquier otra persona.

Je n'ai pas encore lu le premier livre sur le social engineering mais j'attendais plus de petites histoires de menaces concrètes et arrivées. Ce livre ne me parle pas de social engineering mais de comment comprendre le langage du corps des autres dans la vie de tous les jours.Bien sur ça s'applique aussi aux gens qui essaient d'influencer une personne pour qu'elle donne des informations privées. Mais je ne vois pas pourquoi quelqu'un associe le terme social engineering avec ces techniques, c'est comme donner un blanc seing au hackers du monde, et leur dire quelles techniques utiliser pour influencer les gens.J'ai apprécié les astuces pour détecter les micro et macro expressions du visage, pour déchiffrer la signification des positions du corps. Je les utiliserai avec bonheur avec mon mari!!!