This is my last week of Social Engineering class at Webster University. The textbook we have been using is “Social Engineering: The Science of Human Hacking” by Christopher Hadnagy. This book is full of powerful personal ancedotes that help me understand Social Engineering better. They also resonate deeply because so many of the anecdotes are relatable to experiences from my own life.
An example of a story that really made me think is on page 260. Hadnagy tells of talking with a friend whose family had been personally affected by a common scam. The friend was angry with him for not warning him sooner and exclaimed “If you knew these things existed, why didn’t you warn your friends?”
I have had friends get angry with me and stop speaking with me for warning them about social media and other media scams and trying to explain media literacy concepts when I saw that they were being trolled. Part of good Social Engineering is to help the people you are trying to warn become more receptive to what you are trying to teach them so they can take in the information to protect themselves against harmful Social Engineering. If someone is your friend and you care about them, you want them to know these concepts. If my attempts are too clumsy and I arouse their defenses instead of concern and I fail to warn because of that, I need to do better. That’s one of the things I’m learning in this class and others. The more I learn about media and technology as I work on a Advertising and Marketing Communications Master’s degree, the more I feel the need to warn.
I’m going to be writing a LOT this week to finish the course, and some of it is going to end up on this blog immediately and farther in the future. Hadnagy advises us not to “assume that the knowledge about these attacks is just common sense”. There are techniques in Hadnagy’s book, in our class, and in lots of other course material I’m learning that is also in classic books, around for many decades, such as “How to Win Friends and Influence People” by Dale Carnegie and “The Hidden Persuaders” by Vance Packard. I have owned those books a long time and have read them several times and I still have to work to master the material in them.
As I learned on a podcast this morning, the concept and term “Social Engineering” has been around since the late 1800s. With every new technological advance that comes along, there are new skills to learn to avoid exploitation through Social Engineering combined with other types of attacks. In order to help people find information on this blog that I think everyone should know as a life skill, I’m going to apply the hashtag #whydidntyouwarnme/ to relevant past and future blog posts.
I have also started listening to a couple of excellent podcasts that are free to listen to if you want more information about the types of media and security issues I’m trying to warn about. I think every Internet user who has something to lose, whether for personal or business reasons, needs to be informed as well as possible.
The Social-Engineer Podcast – hosted by Christopher Hadnagy himself with a variety of co-hosts as they interview leaders in the Social Engineering field.
Hacking the Humans – information about “social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world”.
What types of scams are you the most concerned about?