A Taxonomy for Social Engineering Attacks via Personal Devices

Aldawood, Hussain; Skinner, Geoffrey

doi:10.5120/ijca2019919411

Cited by 8 publications

(3 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proposed taxonomy identifies various channels through which social engineering attacks can be performed, including instant messaging applications, email, social networks, physical actions, cloud services, voice-over-IP, and websites. The authors of [46] analyzed the vulnerabilities present in various personal devices, including mobile devices, desktops, and tablets. They proposed a taxonomy that classifies social engineering attacks based on the specific devices employed.…”

Section: A Taxonomies Of Se Attacksmentioning

confidence: 99%

A Comprehensive Taxonomy of Social Engineering Attacks and Defense Mechanisms: Toward Effective Mitigation Strategies

Zaoui,

Yousra,

Yassine

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Social engineering (SE) attacks are a growing concern for organizations that rely on technology to protect sensitive data. Identifying and preventing these attacks can be challenging, as they frequently rely on manipulating human behavior rather than exploiting technical vulnerabilities. Although various studies have explored SE attacks and their defense mechanisms, there remains a gap in the literature concerning the holistic and layered classification of these threats and countermeasures. To address this, we conducted a comprehensive literature survey to understand existing taxonomies and subsequently identified areas that required a more structured and exhaustive categorization. Based on the survey results, we propose a comprehensive taxonomy of SE attacks, classifying them based on three levels: environment, approaches, and mediums. Additionally, we present a taxonomy of social engineering countermeasures, encompassing both technical and non-technical solutions. The proposed taxonomies serve as a foundation for future research and offer organizations a valuable framework for developing effective strategies to detect, prevent, and respond to social engineering incidents.

show abstract

Section: A Taxonomies Of Se Attacksmentioning

confidence: 99%

A Comprehensive Taxonomy of Social Engineering Attacks and Defense Mechanisms: Toward Effective Mitigation Strategies

Zaoui,

Yousra,

Yassine

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Theoretical framework for SEA Theoretical framework for SEA by evaluating features of SEA-based on extant theories in the cognitive science. Koyun & Al Janabi (2017) [12] Aldawood & Skinner (2019) [13] Many studies focused on natural language processing (NLP) to detect potential SEAs. [14] proposed a chat-based SEA recognition by evaluation of specific purpose written text on social engineering domain.…”

Section: Internationalmentioning

confidence: 99%

“…PAGE 103 [10] broadly classified into Phishing, Baiting, Pretexting and Tailgating. Conceptual researches to provide an overview and taxonomy to classify SEA on knowledge workers [11], types and channel of attacks [12], and analysed identified methods of threats [13]. [4] 2.…”

Section: Introductionmentioning

confidence: 99%

Social Engineering Attacks in E-Government System: Detection and Prevention

Ahmed

2022

IJAEML

View full text Add to dashboard Cite

Purpose: E-Government system emerged as a novel public service provision platform that enables governance in an efficient and transparent manner globally. However, despite the success recorded so far by the increase in the use of information and communication technology (ICT) and E-government for public service provision. Social engineering attack (SEA) is one of the challenging information security attacks that prove to be difficult to tackle. This is because the attackers leverage on peoples’ weakness to exploit the system instead of technical vulnerabilities. Design/Methodology/Approach: This paper uses PESTLE (political, economic, social, technology, legal and environment) analysis to critically evaluate the external factors affecting SEAs in E-government system. Findings/Result: The study identified phishing, Baiting, Pretexting, Quid Pro Quo, Honey Trap, Tail Gating, and Pharming as the major SEA techniques used to exploit E-government systems. Furthermore, the author suggest training and awareness programme as the most effective way to detect as well as prevent SEA in E-government system. Users should be aware of the languages with terms requesting urgent response as well as unusual or unexpected situation in a suspicious messages or attachment as factors to detect SEA. Technical controls using natural language processes (NLP), security policies, multifactor authentication (MFA) as well as secured preservation of confidential information from suspicious users are some of the SEA preventive measures. Originality/Value: A flexible and efficient interaction among citizens, businesses and government organizations is a critical factor for successful E-Government system. SEA is one of major challenges affecting communications in E-government system that requires attention. In conclusion, studies toward technological approach for solution of SEA in E-government is recommended. Paper Type: Conceptual Research.

show abstract

Advanced Persistent Threat

Kumari,

Lee

2023

Machine Learning Applications

View full text Add to dashboard Cite

A Taxonomy for Social Engineering Attacks via Personal Devices

Cited by 8 publications

References 41 publications

A Comprehensive Taxonomy of Social Engineering Attacks and Defense Mechanisms: Toward Effective Mitigation Strategies

A Comprehensive Taxonomy of Social Engineering Attacks and Defense Mechanisms: Toward Effective Mitigation Strategies

Social Engineering Attacks in E-Government System: Detection and Prevention

Advanced Persistent Threat

Contact Info

Product

Resources

About