
The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick


disabling

general departmental mailbox

leaving phone number on

obtaining temporary

policy

voice recognition

vouching

vulnerability

assessment of

factors influencing

testing

W

Web sites

e-commerce

phony

secure connections

wordlist

wireless access points

wordlist, use of

worms

Table of Contents

Title Page

Copyright Page

Dedication

Social Engineering

Foreword

preface

Introduction

part 1 - behind the scenes

chapter 1 - Security’s Weakest Link

THE HUMAN FACTOR

A CLASSIC CASE OF DECEPTION

THE NATURE OF THE THREAT

ABUSE OF TRUST

TERRORISTS AND DECEPTION

ABOUT THIS BOOK

part 2 - the art of the attacker

chapter 2 - When Innocuous Information Isn’t

THE HIDDEN VALUE OF INFORMATION

CREDITCHEX

THE ENGINEER TRAP

MORE “WORTHLESS” INFO

PREVENTING THE CON

chapter 3 - The Direct Attack: Just Asking for It

AN MLAC QUICKIE

YOUNG MAN ON THE RUN

ON THE DOORSTEP

GAS ATTACK

PREVENTING THE CON

chapter 4 - Building Trust

TRUST: THE KEY TO DECEPTION

VARIATION ON A THEME: CARD CAPTURE

THE ONE-CENT CELL PHONE

HACKING INTO THE FEDS

PREVENTING THE CON

chapter 5 - “Let Me Help You”

THE NETWORK OUTAGE

A LITTLE HELP FOR THE NEW GAL

NOT AS SAFE AS YOU THINK

PREVENTING THE CON

chapter 6 - “Can You Help Me?”

THE OUT-OF-TOWNER

SPEAKEASY SECURITY

THE CARELESS COMPUTER MANAGER

PREVENTING THE CON

chapter 7 - Phony Sites and Dangerous Attachments

“WOULDN’T YOU LIKE A FREE (BLANK)?”

MESSAGE FROM A FRIEND

VARIATIONS ON A THEME

VARIATIONS ON THE VARIATION

chapter 8 - Using Sympathy, Guilt, and Intimidation

A VISIT TO THE STUDIO

“DO IT NOW”

“MR. BIGG WANTS THIS”

WHAT THE SOCIAL SECURITY ADMINISTRATION KNOWS ABOUT YOU

ONE SIMPLE CALL

THE POLICE RAID

TURNING THE TABLES

PREVENTING THE CON

chapter 9 - The Reverse Sting

THE ART OF FRIENDLY PERSUASION

COPS AS DUPES

PREVENTING THE CON

part 3 - intruder alert

chapter 10 - Entering the Premises

THE EMBARRASSED SECURITY GUARD

DUMPSTER DIVING

THE HUMILIATED BOSS

THE PROMOTION SEEKER

Analyzing the Con

SNOOPING ON KEVIN

PREVENTING THE CON

chapter 11 - Combining Technology and Social Engineering

HACKING BEHIND BARS

THE SPEEDY DOWNLOAD

EASY MONEY

THE DICTIONARY AS AN ATTACK TOOL

PREVENTING THE CON

chapter 12 - Attacks on the Entry-Level Employee

THE HELPFUL SECURITY GUARD

THE EMERGENCY PATCH

THE NEW GIRL

PREVENTING THE CON

chapter 13 - Clever Cons

THE MISLEADING CALLER ID

VARIATION: THE PRESIDENT OF THE UNITED STATES IS CALLING

THE INVISIBLE EMPLOYEE

THE HELPFUL SECRETARY

TRAFFIC COURT

SAMANTHA’S REVENGE

PREVENTING THE CON

chapter 14 - Industrial Espionage

VARIATION ON A SCHEME

THE NEW BUSINESS PARTNER

LEAPFROG

PREVENTING THE CON

part 4 - raising the bar

chapter 15 - Information Security Awareness and Training

SECURITY THROUGH TECHNOLOGY, TRAINING, AND PROCEDURES

UNDERSTANDING HOW ATTACKERS TAKE ADVANTAGE OF HUMAN NATURE

CREATING TRAINING AND AWARENESS PROGRAMS

TESTING

ONGOING AWARENESS

WHAT’S IN IT FOR ME?

chapter 16 - Recommended Corporate Information Security Policies

WHAT IS A SECURITY POLICY?

DATA CLASSIFICATION

VERIFICATION AND AUTHORIZATION PROCEDURES

MANAGEMENT POLICIES

INFORMATION TECHNOLOGY POLICIES

POLICIES FOR ALL EMPLOYEES

POLICIES FOR TELECOMMUTERS

POLICIES FOR HUMAN RESOURCES

POLICIES FOR PHYSICAL SECURITY

POLICIES FOR RECEPTIONISTS

POLICIES FOR THE INCIDENT REPORTING GROUP

Security at a Glance

sources

Acknowledgements

index
