
The Art of Deception
Controlling the Human Element of Security
Kevin Mitnick and William Simon's case-study collection of social-engineering attacks: PBX scams, helpdesk impersonation, dumpster-diving, the casual lies that sound true. The technology dates the book; the human side is timeless.
- Authors: Kevin Mitnick, William L. Simon
- Published: 2002
- Publisher: Wiley
- Pages: 368
- Language: English
Read this if
You work in red team, awareness training, fraud, or insider-threat roles and want the best printed library of pretext archetypes. Mitnick's call scripts are still the gold standard for understanding how a competent social engineer establishes credibility in 30 seconds.
Skip this if
You want current SE tradecraft on phishing, deepfakes, voice cloning, MFA fatigue, or modern OSINT-driven targeting. Treat the technical envelope as a museum piece; only the human core generalizes.
Key takeaways
- Most successful pretexts are not lies; they are partial truths weighted toward what the target already wants to do.
- Helpdesks, third-party vendors, and after-hours staff are still the structural weak points the book identifies — twenty years later, with new technology stacks but the same failure modes.
- Awareness training built around Mitnick's archetypes outperforms generic phishing-click-rate metrics; the book is the textbook for that approach.
Notes
Pair with Social Engineering 2e (Hadnagy) for a more procedural modern treatment and with Practical Social Engineering (Gray) for the engagement-side workflow. Mitnick's later memoir Ghost in the Wires fills in the personal arc behind the case studies. The opening 'security is process, not product' chapters were the first time many people in the field had heard the argument and they still recruit beginners into the discipline.
What to read before
Beginner · 2022
Cyberattaques
A clear, journalistic decoding of the cyberattack ecosystem — ransomware gangs, state actors, and the economics and geopolitics behind the headlines — by one of France's best-known cyber experts.
Beginner · 2023
Fancy Bear Goes Phishing
Five famous hacks used as a way into the deeper question of why software is insecure at all, written by a Yale law professor who learned to code to write it. More a history and theory of vulnerability than a how-to.
Beginner · 2011
Ghost in the Wires
Kevin Mitnick's first-person account of his 1990s social-engineering and phone-system intrusions, foreword by Steve Wozniak. Self-promotional in tone but a primary source on a defining era.
What to read next
Intermediate · 2018
Social Engineering
Christopher Hadnagy's broad procedural reference on social engineering as a discipline — recon, pretexting, elicitation, microexpressions, and the structured engagement model his consultancy operationalized.
Intermediate · 2005
Reversing
The book that taught a generation how software actually looks once you strip away the source. Still the clearest on-ramp to thinking in assembly, even with dated tools.
Intermediate · 2010
Understanding Cryptography
A genuinely teachable intro to modern cryptography that derives the math instead of hand-waving it, covering symmetric and public-key primitives without drowning you in proofs.
Explore similar books
Intermediate · 2018
Social Engineering
Christopher Hadnagy's broad procedural reference on social engineering as a discipline — recon, pretexting, elicitation, microexpressions, and the structured engagement model his consultancy operationalized.
Beginner · 2023
Fancy Bear Goes Phishing
Five famous hacks used as a way into the deeper question of why software is insecure at all, written by a Yale law professor who learned to code to write it. More a history and theory of vulnerability than a how-to.
Beginner · 2022
Cyberattaques
A clear, journalistic decoding of the cyberattack ecosystem — ransomware gangs, state actors, and the economics and geopolitics behind the headlines — by one of France's best-known cyber experts.