Unmasking the Social Engineer: The Human Element of Security

Posted on by Ben Rothke

In his first book, Social Engineering: The Art of Human Hacking, author Christopher Hadnagy wrote the definitive book on social engineering.  In it, he detailed the entire lifecycle of social engineering and pretty much everything you needed to know on the topic.

In his just-released follow-up, Unmasking the Social Engineer: The Human Element of Security, he takes social engineering up a few levels. While the first book was more of a practical introduction to the topic, this is an advanced title for the serious practitioner. There is a lot of interesting information and research provided in the book. But the challenge here is not just reading it; rather, it is in mastering its practical use.

The book is meant to show the reader how to read a person’s body language and facial expressions. Understanding them makes social engineering easier, but it also makes defending against social engineering attacks easier. If you can understand how an attacker uses non-verbal behavior, then you can better defend yourself and your organization against them.

While the first book was about a standard approach to social engineering, this new title can be seen as advanced social engineering. The premise of the book is that in order to effectively and fully deal with and defend against social engineering threats, an understanding of how non-verbal communication is used is important.

The book notes that much of our everyday communications are nonverbal.  And as its name implies, nonverbal communication is the process of communicating and understanding messaging via mechanisms such as touch, posture, body language, eye movement, eye contact and more.

Since social engineers and scammers use these techniques, it is important to understand them in order to defend against them.

The book's foreword is written by Dr. Paul Ekman. Ekman is a renowned psychologist whose career is deeply enmeshed in non-verbal communication. Hadnagy’s approach is based significantly on methods Ekman developed, much of it starting over 35 years ago. Ekman was ranked among the 100 most cited psychologists of the 20th century.

Of the book's four parts, part 2, Decoding the Language of the Body, makes up half of the book. The four chapters in that section detail the various aspects of how movements of different body parts can be interpreted.

While an interesting read, the techniques detailed in the book are quite complex. If it is often difficult to understand what people say, understanding their non-verbal communication is no trivial endeavor either. Readers should therefore not read this 200-page book and expect to come out experts in non-verbal communication.

For the serious reader who wants to understand everything they can about the topic of social engineering, Unmasking the Social Engineer: The Human Element of Security should be one of the references in their reading arsenal.

Ben Rothke

Senior Information Security Manager, Tapad

