Staff theft and fraud are a complex area, and behind every such event lies a manipulation of trust. Consciously or subconsciously, the committed fraudster works to get into the best position possible: typically before the fraud, to put themselves above suspicion, or occasionally once under suspicion, to deflect attention.
In any system or business the human element is often the weakest link in security, and fraudsters, whether they are after money, user information or something else, regularly take advantage of this fact to gain a foothold in business systems and expose gaps in process.
Social Engineering Penetration Testing
Executing Social Engineering Pen Tests, Assessments and Defense
By Gavin Watson, Andrew Mason and Richard Ackroyd
The book begins by explaining what social engineering is and offers many good examples, both fictional (from movies) and from real-life events (famous con men, hackers, breaches). I thought this a brilliant way to introduce the notion of social engineering and to give readers a feel for what actions and approaches fall under that label.
The book then addresses the factors that make the human element the weakest link in the security chain (which is not always primarily the employees' fault). The chapter that follows explains the various manipulation techniques used by social engineers, with realistic examples of each, and gives readers an idea of the talents a successful social engineer needs. Short-game and long-game attack strategies are then illustrated in detail.
Well worth a read.