This article was automatically translated from the original Turkish version.

The Art of Deception (Book)

Publisher(s): ODTÜ Geliştirme Vakfı Yayıncılık

Original Name(s): The Art of Deception: Controlling the Human Element of Security

Publication Date: 18.03.2013

Number of Pages: 320

Translator(s): Nejat Eralp Tezcan

Original Publisher: John Wiley & Sons

Author(s): William L. Simon, Kevin D. Mitnick

Type(s): Information Security, Cyber Security, Social Engineering

This fictional/technical book, authored by renowned computer hacker and security expert Kevin D. Mitnick and writer William L. Simon, was first published in 2002 and is regarded as one of the foundational texts in information security literature. Rather than treating information security as purely a technological issue, the book focuses on the "human factor," identified as the weakest link in the security chain. It examines social engineering attacks that target human psychology and behavioral patterns rather than software or hardware vulnerabilities. Through a structure that combines storytelling with analytical insight, the work aims to foster both individual and organizational awareness as a comprehensive security guide.

Subject and Theme

Social Engineering and the Human Factor: The central subject of the book is social engineering methods that exploit human weaknesses to gain access to confidential information, rather than relying on technical tools. The authors argue that even organizations with the most advanced security technologies can be easily breached through manipulation of employees. The core thesis is that "the weakest link in security is not technology but people." The book details how attackers use psychological manipulation techniques such as establishing trust via phone calls, emails, or face-to-face interactions, exploiting authority, creating urgency, or abusing altruism.

Fictional Structure and Methodology

To enhance its didactic function, the book follows a three-stage systematic structure in each chapter:

  • Narrative: The section that recounts the attack from its inception to its conclusion, told from the perspectives of both the attacker and the victim.
  • Analysis (What Was Believed?): The section that examines the cognitive biases, behavioral patterns, or procedural gaps that led the victim to fall for the deception.
  • Countermeasure Recommendations: The concluding section that lists technical and administrative measures—such as callback verification, authentication protocols, and awareness training—to prevent similar attacks.

Attack Techniques and Actors Discussed

The book classifies social engineering techniques into categories. Key methods include:

  • Pretexting: Gathering information by creating a fabricated identity or scenario.
  • Phishing, Vishing, Smishing: Harvesting sensitive data via email, phone calls, and SMS, respectively.
  • Physical Access Attacks: Tailgating (following authorized personnel into restricted areas), shoulder surfing (observing screens), and dumpster diving (searching through trash).

Bibliographies

Mitnick, Kevin D. and William L. Simon. Aldatma Sanatı: Güvenliğin İnsan Boyutunun Kullanılması. Trans. Nejat Eralp Tezcan. Ankara: ODTÜ Geliştirme Vakfı Yayıncılık, 2005. ISBN 9757064916.

Mitnick, Kevin D. and William L. Simon. The Art of Deception: Controlling the Human Element of Security. Hoboken, NJ: John Wiley & Sons, 2002.

Author Information

Author: Kübra ARITI ŞİĞVA, December 18, 2025 at 10:37 AM
