Social Engineering: Recommended Resources for 2022

From time to time, I get asked about what resources I recommend for learning about social engineering. Here is my list:

Rapport & Influence

• It’s Not All About “Me” by Robin Dreeke: Book written by a former FBI agent who specialized in developing informants. Great advice for striking up a conversation and building rapport — fast. Short read. Great advice for all sorts of life situations.
• Influence: The Psychology of Persuasion by Robert Cialdini: You will never look the same at Hari Krishna at the airport or waiters in the restaurant.
• The Jordan Harbinger Show: Podcast on honing social skills in business. Lots of cross-over to social engineering.
• Charisma on Command YouTube channel: Great content on social skills, such as first impressions, confident voice tips, and telling good stories. Very applicable to business setting.

Eliciting Information

• FBI Elicitation Techniques: Written to help people protect against elicitation attempts, this is actually a pretty good 2-page guide on how to do it.

OSINT

• Open Source Intelligence Techniques by Michael Bazzell: Turbo-charge your OSINT-fu to dig into accounts faster. Also check out https://inteltechniques.com/ containing many search tools by the author.
• OSINTCurio.us website and podcast covers new tools and techniques as well as applications to different walks of life.
• Trace Labs lets you apply your OSINT expertise on real-life missing person cases, either in the monthly cases or timed competitions. Results get filted, sorted, and passed on to law enforcement.

Nonverbal Communication

• What Every BODY is Saying by Joe Navarro: Great primer on body language by a former FBI counter-intelligence interrogator. Also a fun read is Three Minutes to Doomsday by the same author.
• Face Basics micro expressions certification by Paul Ekman: Ever seen the TV show “Lie to me”? It’s modeled after Paul Ekman. This $99 online course and certification is what law enforcement agents go through as well. Plus, you can post it on your LinkedIn profile.
• Center for Body Language: Free courses for micro expressions. Also check out Patryk Wezowski’s YouTube channel.

Phishing

• MarketingExperiments: No a site about phishing per se, but a great resource to understand how to make people click on links. This site runs scientific experiments running A/B tests on emails, landing pages, and ads, which may sound strangely familiar if you’ve ever written a phishing email, but with a scientific twist.

General Social Engineering

• Ghost in the Wires by Kevin Mitnick: In the 90s, Kevin used social engineering to successfully hack companies and government agencies and ran from the FBI before spending 5 years in prison. Today, he’s a consultant and public speaker. You can find his talks on YouTube. Great examples of how social engineering can cause breaches.
• Video of my winning Defcon call: My recorded reenactment of the call that helped me win the Social Engineering Capture the Flag (SECTF) competition at Defcon.