Social Engineering: The Science of Human Hacking
In the time of COVID-19, when cybercriminals are leaving no stone unturned to devise attacks on every possible domain, just the term “social engineering” may sound gruesome to many people.
It is genuinely plausible that you may think I have some evil intentions. Otherwise, why on earth would I choose to read such a book in such tough times?
But before you jump to any conclusion, let me give you some context.
I am the co-founder of a cybersecurity company called LoginRadius. It is my job to protect consumers and their data. But the best part is I am passionate about identities, data governance, and how to protect digital privacy.
So I picked this book to learn more about how the bad actors hack into the human brain, manipulate us, and gain physical access or access to vital information.
Cybercriminals not only break into organizations but also attack individuals to get hold of personally identifiable information (PII) such as credit card details, account credentials, Social Security numbers, and so on.
Imagine the intensity of harm the bad actors may cause after gaining access to such vital information!
If you are a fan of the intriguing crime genre, watch the Netflix TV series Jamtara. I watched it over the weekend and loved it (by the way!). It is a real story based on a small village in India, Jamtara, where a group of young people runs phishing operations and ends up stealing millions of dollars.
My Review
The book is authored by Christopher Hadnagy, founder of Social-Engineer, LLC, a consulting firm. He created the world’s first social engineering framework and has been training people on this discipline for over 20 years.
Social Engineering can be treated as a well-established protocol to proactively train people against hackers. Think of it as a sub-stream of ethical hacking — not technology hacking but human hacking.
The book provides an overview of what social engineering is and helps you understand the importance of the concept and how it is used by bad actors to pose threats to the good world.
The book is written in plain English, includes a lot of examples from the author’s past experiences, and educates readers on various methodologies on how to use SE as a shield against cyber attacks.
After reading the book, you will realize how vulnerable people are to attacks and that breaching people’s privacy and stealing their sensitive information is not that difficult. It will build your mindset to be alert against such attacks.
The book also contains a dedicated chapter on Mitigation and Prevention Plan to help organizations protect themselves.
About The Book
It is a 278-page book with a lot of visual illustrations. It is easy to read and can be completed in 2–3 sittings. The book is divided into 11 chapters and is available in hardcover, paperback, and audio format. It cost me US$35.
Who Is It For
Great for security professionals, executives of security companies, and anyone who is curious about learning how to protect against phishing.
My Overall Rating: 3.8 / 5
Overall, it is a good read but doesn’t go in-depth on the subject.