This article surveys the literature on social engineering. Many security applications and hardware products are on the market, yet several methods can still be used to breach the information security defenses of an organization or individual. Social engineering attacks aim to gain information that may be used to carry out actions such as identity theft or password theft, or to support another type of attack. The threat lies in the combination of social engineering with other types of attack, such as phishing and watering hole attacks, which makes it hard to defend against. This research aims to investigate the impact of modern social engineering on organizations and individuals. It describes the categories of social engineering and how the attacker takes advantage of human behavior. I also discuss direct and indirect social engineering attacks and the defense mechanisms against them.