The Art of Deception
Controlling the Human Element of Security
Kevin Mitnick and William Simon's case-study collection of social-engineering attacks: PBX scams, helpdesk impersonation, dumpster-diving, the casual lies that sound true. The technology dates the book; the human side is timeless.
As an Amazon Associate we earn from qualifying purchases. The link above is sponsored.
- Authors
- Kevin Mitnick,William L. Simon
- Published
- 2002
- Publisher
- Wiley
- Pages
- 368
- Language
- English
Read this if
Anyone in red team, awareness training, fraud, or insider-threat work who wants the best printed library of pretext archetypes. Mitnick's call scripts are still the gold standard for understanding how a competent social engineer establishes credibility in 30 seconds.
Skip this if
Readers wanting current SE tradecraft on phishing, deepfakes, voice cloning, MFA fatigue, or modern OSINT-driven targeting. Treat the technical envelope as a museum piece; only the human core generalizes.
Key takeaways
- Most successful pretexts are not lies; they are partial truths weighted toward what the target already wants to do.
- Helpdesks, third-party vendors, and after-hours staff are still the structural weak points the book identifies — twenty years later, with new technology stacks but the same failure modes.
- Awareness training built around Mitnick's archetypes outperforms generic phishing-click-rate metrics; the book is the textbook for that approach.
Notes
Pair with Social Engineering 2e (Hadnagy) for a more procedural modern treatment and with Practical Social Engineering (Gray) for the engagement-side workflow. Mitnick's later memoir Ghost in the Wires fills in the personal arc behind the case studies. The opening 'security is process, not product' chapters were the first time many people in the field had heard the argument and they still recruit beginners into the discipline.
What to read before
What to read before The Art of Deception →Beginner · 2011
Ghost in the Wires
Kevin Mitnick's first-person account of his 1990s social-engineering and phone-system intrusions, foreword by Steve Wozniak. Self-promotional in tone but a primary source on a defining era.
Beginner · 2019
Foundations of Information Security
Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.
Beginner · 2021
How Cybersecurity Really Works
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.
What to read next
What to read after The Art of Deception →Intermediate · 2018
Social Engineering
Christopher Hadnagy's broad procedural reference on social engineering as a discipline — recon, pretexting, elicitation, microexpressions, and the structured engagement model his consultancy operationalized.
Beginner · 2011
Ghost in the Wires
Kevin Mitnick's first-person account of his 1990s social-engineering and phone-system intrusions, foreword by Steve Wozniak. Self-promotional in tone but a primary source on a defining era.
Intermediate · 2011
A Bug Hunter's Diary
Tobias Klein walks through seven real vulnerabilities he found and exploited, in the form of personal lab notes, what he tried, what failed, and what eventually shipped to vendors.
Explore similar books
Alternatives to The Art of Deception →Intermediate · 2018
Social Engineering
Christopher Hadnagy's broad procedural reference on social engineering as a discipline — recon, pretexting, elicitation, microexpressions, and the structured engagement model his consultancy operationalized.
Beginner · 2011
Ghost in the Wires
Kevin Mitnick's first-person account of his 1990s social-engineering and phone-system intrusions, foreword by Steve Wozniak. Self-promotional in tone but a primary source on a defining era.
Beginner · 2021
How Cybersecurity Really Works
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.