The Art of Deception
(See online!)
When I taught Operations Security to the military, contractors, at the Pentagon, and more, I told the story of Kevin Mitnick. The world's first hacker to hit the FBI's most wanted list. Able to evade capture for years because of how carelessly the FBI managed information (which gave him the advanced warning he needed to skip town).
The most important part of the story is that it wasn't his hacking skills that made him so notable; it was his fluency with dumpster diving (finding discarded product manuals for the company's core equipment), but especially social engineering.
Whenever he couldn't figure out how to bypass security, he'd call around the company asking for names, phone numbers, and terms the company used so the next person he talked to would assume he was an insider and answer almost anything. It was so simple, but ruthlessly effective because we like to share. We like to help and there's nothing wrong with that.
 |  | There's nothing wrong with being helpful - quite the opposite in fact! But the key is to know who you're talking to and never offer more than is warranted for the situation lest you be taken advantage of. |
Once Kevin was released, he started a security company and published this book to help teach people how not to fall for the tricks he (and many who followed him) used. A vital part of any security-minded professional's library, The Art of Deception will show you how to defend against tricks used to convince you to violate your own security.
Tags: Books, Elicitation, Kevin Mitnick, RPS, Social Engineering