Shop now Learn more Shop now Shop All Amazon Fashion Shop Suki Ad Campaign Pieces Cloud Drive Photos Shop now Amazon Fire TV Shop now Halloween Pets Shop now Shop Fire Shop Kindle Voyage Listen in Prime Learn more Shop now
Social Engineering in IT Security: Tools, Tactics, and Te... and over 2 million other books are available for Amazon Kindle . Learn more
  • RRP: £27.99
  • You Save: £5.29 (19%)
FREE Delivery in the UK.
Only 4 left in stock (more on the way).
Dispatched from and sold by Amazon.
Gift-wrap available.
Social Engineering in IT ... has been added to your Basket
+ £2.80 UK delivery
Used: Very Good | Details
Condition: Used: Very Good
Comment: Ships from USA. Allow 10 - 28 days for delivery to UK, additional week other countries.... Publisher overstock or return with minor shelfwear. May have remainder mark. Ships from USA. Allow 10 - 28 days for delivery to UK, additional week other countries. Reliable carrier.
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Social Engineering in IT Security: Tools, Tactics, and Techniques Paperback – 1 Aug 2014

1 customer review

See all formats and editions Hide other formats and editions
Amazon Price
New from Used from
Kindle Edition
"Please retry"
"Please retry"
£15.06 £6.51
£22.70 FREE Delivery in the UK. Only 4 left in stock (more on the way). Dispatched from and sold by Amazon. Gift-wrap available.

Special Offers and Product Promotions

  • Save £20 on with the aqua Classic card. Get an initial credit line of £250-£1,200 and build your credit rating. Representative 32.9% APR (variable). Subject to term and conditions. Learn more.

Frequently Bought Together

  • Social Engineering in IT Security: Tools, Tactics, and Techniques
  • +
  • Social Engineering: The Art of Human Hacking
  • +
  • Unmasking the Social Engineer: The Human Element of Security
Total price: £56.21
Buy the selected items together

No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet and computer.

  • Apple
  • Android
  • Windows Phone

To get the free app, enter your e-mail address or mobile phone number.

Product details

  • Paperback: 272 pages
  • Publisher: McGraw-Hill Professional (1 Aug. 2014)
  • Language: English
  • ISBN-10: 0071818464
  • ISBN-13: 978-0071818469
  • Product Dimensions: 1.3 x 17.8 x 22.2 cm
  • Average Customer Review: 5.0 out of 5 stars  See all reviews (1 customer review)
  • Amazon Bestsellers Rank: 434,902 in Books (See Top 100 in Books)
  • See Complete Table of Contents

More About the Author

Discover books, learn about writers, and more.

Product Description

About the Author

Sharon Conheady is a director at First Defence Information Security in the UK where she specializes in social engineering. She has presented on the topic at security conferences worldwide and regularly leads training seminars on how to perform ethical social engineering tests and defend against social engineers.

Inside This Book

(Learn More)
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index
Search inside this book:

Customer Reviews

5.0 out of 5 stars
5 star
4 star
3 star
2 star
1 star
See the customer review
Share your thoughts with other customers

Most Helpful Customer Reviews

1 of 2 people found the following review helpful By andrew tollinton on 21 Oct. 2014
Format: Paperback Verified Purchase
If you’re someone that has ever wondered ‘how do they know that about me or my organisation?’ then this book is probably for you.

It has so many fantastic insights you could probably hold court at any dinner party for hours on the back of it.

I’m from a non-IT background so as soon as I read ‘IT’ in the title I feared the worst, the TLAs (three letter acronyms), but any jargon that is used is pretty useful. For example, I can now pinpoint films employing the ‘ten attack’ (using super attractive people rated 10 out of 10 to distract gatekeepers) and drop into conversation ‘oh that’s a Road Apple don’t you know’ and wait for the response ‘the what?!’

The author writes in an instantly accessible style and has some lovely injections of wit and humour that keeps you engaged throughout.

Social Engineering is something we should all know more about and I’m sure in time it will seep into the ether of general knowledge, particularly as the Internet of Things gains traction and someone hacks my right hand!

Social Engineering in IT Security is a cracking read, a literary ten attack.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Helpful Customer Reviews on (beta) 2 reviews
4 of 4 people found the following review helpful
Effective guide on which to build a social engineering testing program 21 Aug. 2014
By Ben Rothke - Published on
Format: Paperback
When I first got a copy of Social Engineering in IT Security Tools, Tactics, and Techniques by Sharon Conheady, my first thought was that it likely could not have much that Christopher Hadnagy didn't already detail in the definitive text on the topic: Social Engineering: The Art of Human Hacking. Obviously Hadnagy thought differently, as he wrote the foreward to the book; which he found to be a valuable resource.

While there is overlap between the two books; Hadnagy takes a somewhat more aggressive tool-based approach, while Conheady's book takes a somewhat more passive, purely social approach to the topic. There are many more software tools in Hadnagy; while Conheady doesn't reference software tools until nearly half-way through the book.

This book provides an extensive introduction to the topic and details how social engineering has evolved through the centuries. Conheady writes how the overall tactics and goals have stayed the same; while the tools and techniques have been modified to suit the times.

Coming in at about 250 pages, the book finds a good balance between high-level details and actionable tactical things to execute on. Without getting bogged down in filler.

Since the social engineering tools and techniques only get better, the advantage Conheady's book has it that it details a lot that has changed in the 4 years since Hadnagy's book came out.

Conheady writes about mumble attacks, which are telephone-based social engineering attacks that are targeted at call center agents. The social engineer will pose as a speech-impaired customer or as a person calling on behalf of the speech-impaired customer. The goal of this method is to make the victims; in this case call center agents feel awkward or embarrassed and release the desired information. Given the pressure in which most call center agents are under; this is a simple yet highly effective attack.

Like Hadnagy, this also has a detailed social engineering test methodology. Conheady details a methodology with 5 stages: planning and target identification, research and reconnaissance, scenario creation, attack execution and exit, and reporting. She notes that one does not have to be a slave to the methodology, and it can be modified depending on the project.

Social engineering can often operate on the limit of what is legal and ethical. The author goes to great lengths to write what the ethical and legal obligations are for the tester.
The book is filled with lots of practical advice as Conheady is seasoned and experienced in the topic. From advice to dealing with bathrooms as a holding location, gaining laptop connectivity and more; she writes of the many small details that can make the difference between a successful social engineering test and a failed one.

The book also details many areas where the job of the social engineer is made easy based on poor security practices at the location. Chapter 7 details how many locations have access codes on doors often don't do much to keep social engineers out. Many doors have 4-character codes, and she writes that she has seen keypads where the combination numbers have been so worn down that you can spot them straightaway.

As noted earlier, the book focuses more on the human techniques of social engineering than on software tools. She does not ignore that tools and in chapter 9 provides a list of some of the more popular tools to use, including Maltego, and others. She also has lists of other tools to use such as recording devices, bugging devices, phone tools and more.

With all those, she still notes that the cell phone is the single most useful item you can bring with you on a social engineering test. She writes that some of the many uses a cell phone has is to discourage challengers, fake a call to look busy, use the camera and more.

While most of the book is about how to execute a social engineering test, chapter 10 details how you can defend against social engineering. She notes that it is notoriously difficult to defend against social engineering because it targets the weakest link in the security chain: the end-user. She astutely notes that a firm can't simply roll out a patch and immunize its staff against the latest social engineering attack. Even though there are vendors who make it seem like you can.

The chapter also lists a number of indicators that a firm may be experiencing a social engineering attack.

Hadnagy's Social Engineering: The Art of Human Hacking is still the gold-standard on the topic. But Social Engineering in IT Security Tools, Tactics, and Techniques certainly will give it a run for the money.

Hadnagy's approach to social engineering is quite broad and aggressive. Conheady takes more of a kinder, gentler approach to the topic.

For those that are looking for an effective guide on which to build their social engineering testing program on, this certainly provides all of the core areas and nearly everything they need to know about the fundamentals of the topic.
0 of 1 people found the following review helpful
Social Engineering - Working with a Superstar 29 Aug. 2014
By Jon Fisher - Published on
Format: Paperback
I’ve just spent the last few days reading Sharon Conheady’s book ‘Social Engineering in IT Security: Tools, Tactics, and Techniques’ published by McGraw-Hill.
I must make clear that I know Sharon as I work at First Defence Information Security Limited where she is one of the Directors, but my interest in her book transcends our working relationship and errs more towards the realms of my status as a FAN.
Sharon’s reputation precedes her (this is one of the reasons I decided to Join First Defence in the first place), and her experience, thoughts and innovations are distilled into the book in fantastic detail. Those of you who have seen her speak at conferences and seminars around the world will be familiar with her style and extensive catalogue of ‘war stories’ – you’ll find all of this and more packed into the book.
A proportion of the book is dedicated to the mechanics of Social Engineering testing – the legalities, ethics, tools and how to go about producing a useful client-facing report. There are tips and thoughts scattered throughout the chapters for those planning how to go about performing a test, as well as insights into how attacks are planned and executed for those looking at how to protect themselves and their business.
My particular favourite aspects of the book are the historic and cultural examples of Social Engineering in action, and the use of some up-to-the-minute references to relatively recent news stories.
In my role as Sales Consultant at First Defence, having such a star in our midst certainly helps in the many conversations I have with current and prospective clients about how we might help them with the understanding of their information security risks, and how we might help them make improvements.
As a fan, I can safely say that the book satisfies my desire to have all Sharon’s years of experience crystallised into a logical and helpful form. ……… As an Information Security Professional, I can also attest to the fact that having the latest thinking to hand helps me in how I approach my clients’ challenges……………. As an employee of First Defence – I can only say that having one of the top Social Engineering talents in the world as a boss certainly makes my life easier (although busier!).
Were these reviews helpful? Let us know