Despite the availability of advanced security software and hardware
mechanisms, breaches of the defence system of an organization or individual
still occur. Social engineering mostly targets the weakest link in the
security system, i.e. "humans", to gain access to sensitive information by
manipulating human psychology. Social engineering attacks are arduous to defend
against, as such attacks are not easily detected by available security software
or hardware. This article surveys recent studies on social engineering attacks,
discusses the social engineering phases, and categorizes the various attacks
into two groups. The main aim of this survey is to examine the various social
engineering attacks on individuals; countermeasures against social engineering
attacks are also discussed.