First of all let me say that I've read the first book more than a few times now, listened to the podcast, and read a large number of the books recommended on the soc-eng site. I've also attended the week-long course that Chris runs based on this material (tl;dr, it's an amazing course, thoroughly recommended).
I was looking forward to seeing this come out and had my pre-order in for months before it came out (some life events meant I'm late posting this) and as soon as it came in I put my (then) current book down half read and started on this.
It's clear that the book is intended not as an alternative to the first book but as more of an introduction to the science behind the techniques of social engineering discussed in the first book, as well as supplemental material such as micro-expressions. As such, it does a good job explaining that Social Engineering is based on sound psychological principles and not just on simplistic cons or Jedi mind tricks. The writing style is engaging and discusses the subject along with relevant anecdotes from the author's experience. Given that, and the relatively short length of the book, you can easily zip through it in one or two sittings.
Reading some of the reviews of the first book it's clear that, as well as a lot of very positive feedback on the value of it, it attracted a number of negative reviews mainly from people who just thought "conning people is bad" (ignoring the context). In tandem with a pervasive view in Infosec that social engineering is somehow an inferior form of hacking, it could be viewed that this book is a direct response to that criticism. This is where I think some people might not see the full value. You can't learn everything there is to learn about such a complex subject as micro-expressions for example in a book this size. What you can do is learn that the subject exists, why it's of value to a social engineer, and where you can go to learn more. It's essentially a gateway to other works on the subjects herein from Dr Ekman, Cialdini, Navarro, Dreeke, etc. If you want to learn "how" read the first book and all the other works referenced. This book is more around a view on "why". Why the techniques work, and why a social engineer might use them in the context of an exercise.
Having already read a number of books around this subject I perhaps didn't learn a huge amount of new material, but I enjoyed reading the book nonetheless and I can see the value in reading it; even more so if you are just starting out in the field.
Very disappointing. The link with Social Engineering (SE) was a huge stretch with very little useful, applicable or meaningful SE elements. Essentially this book was a rehash of existing body language material, most noticeably Joe Navarro's stuff. If you're interested in SE then get another book. If you're interested in body language or the work of Dr Ekman........then get another book.
The book, contrary to what I expected, goes straight to the point on each topic. I was able to finish it in 3 days and it helped me considerably to broaden my knowledge of social engineering. It is not heavy or tedious, and it uses many examples to illustrate the ideas it describes. Completely recommended, not only for people in systems or technology, but for anyone else.
I have not yet read the first book on social engineering, but I was expecting more short stories of concrete threats that actually happened. This book does not talk to me about social engineering but about how to understand other people's body language in everyday life.
Of course this also applies to people who try to influence a person into giving up private information. But I don't see why anyone associates the term social engineering with these techniques; it's like giving a blank cheque to the hackers of the world and telling them which techniques to use to influence people.
I appreciated the tips for detecting facial micro- and macro-expressions and for deciphering the meaning of body positions. I will happily use them with my husband!!!
This is an interesting book, it has a contents, concise index and chapters are laid out well with good use of headings and subheadings and summations at the end of each chapter, there are supporting pictures and while there is the deployment of some technical jargon the pace is fine.
The book is essentially a guide to non-verbal communication, elicitation, building rapport etc. with a view to social engineering, i.e. information gathering, pretexting, rapport, influence/manipulation, framing etc. It is very good in description of the processes commonly involved and the prescriptive side of the story is one of raising awareness about these processes for the purposes of improved security, it doesn't matter how many data protection and other measures there exist for someone personally and professionally if the human element isn't right it's easy to "accidentally" reveal all that someone with malintent will need to transcend them all.
The question remains as to whether or not this book is illuminating enough to justify its expense, surely everyone possesses some level of awareness or insight into others to recognise when someone's behaviour appears manipulative, when they ask more questions than they ever provide disclosures, when their disclosures have a phony quality and simply mirror the context or the other with whom they are interacting and a myriad of minor slips add up to something more like an indication of bad character.
There probably are varying degrees of wariness and perhaps some readers will be approaching books like this "after the horse has bolted", i.e. when their existing level of wariness has proven inadequate and they are questioning why, or perhaps it's nothing which has happened to them personally but they have reflected upon headlines in the news about how routinely business and other services have been infiltrated by individuals who are willing to abuse positions of trust.
There is definitely content here which will refine any existing insight a reader possesses and it is not commonsensical material sold as something special. The book did make me think of a collection of slides or material built up over time through presentations, training resources and public speaking, both a strength and a weakness in some ways, so while as a reader you may at times feel this would all suit another method of delivery better, i.e. a talk, it also permits a lot of concision and if you want further information it's possible to look elsewhere for more detail.
One thing I would note is a point about style, the author writes in a style which is familiar to me from certain US business and management writers which can occasionally emulate something of a "bad novel" in style, like someone is writing for a presentation and it would suit that well but not so much a book. This is of course my opinion and maybe not shared by many, it is a minor quibble about what is overall a fine book. I would recommend this to as wide a readership as possible, the general reader as well as the professional, I believe it is intended for such a readership and could provide some assurances against being scammed or targeted by the skilled manipulator.
5.0 out of 5 stars
Explains how people can be read and influenced, helping you and your company defend against social engineering.
Reviewed in the United Kingdom on 24 July 2014
Chris Hadnagy is well known in IT security for understanding how hackers exploit human weaknesses to obtain information and systems access. Unmasking the Social Engineer is his latest book on the subject, and if you have any interest in protecting your company from hacking, or protecting yourself from manipulation - by hackers, salespeople, or anybody who wants to gain an advantage over you - then this book is well worth reading.
In this book Chris covers in depth the subjects of nonverbal communication and social engineering; how to read the body language of others, how to deliberately give off specific nonverbal signals, and how they can be used in a social engineering context.
Starting from the basics - explaining what he means by nonverbal communication and social engineering - he moves on to discuss how we communicate with different parts of our body and how to interpret body language. After that he brings in emotions, explaining how and why we switch from logical to emotional thinking, and how to move people from one to the other. Finally he discusses elicitation before rounding up the book with a summary of how to apply all this knowledge and these techniques.
This book is a short read at about 200 pages (about 6-7 hours of commuting time for me) but don’t be put off by this. Chris does an excellent job of getting over exactly what he means without too much flannel and even if you come to this book with no prior background, you will learn a lot.
I’ve since moved on to his earlier book “Social Engineering: The Art of Human Hacking” and it is proving to be every bit as good.
Reviewed in the United Kingdom on 15 September 2014
I have been a long time fan of Paul Ekman and a strong advocate of his work within the NLP and Counselling communities. This latest title is nothing short of miraculous in that it adds to his work and in no way really repeats anything he has done. This taps into a long time concern of mine in that many authors seem to release titles that just rehash the same old material with one or two gems added and really an update would have been more appropriate; Paul Ekman does not in my opinion do this, he actually tells us something substantively new. If you are a psychologist, a teacher, or a therapist you will get a great benefit from this book, and I think that your students or clients will certainly gain from you having read it. A fine publication that will return its cover cost over and over again!