2015
DOI: 10.1145/2835375
|View full text |Cite
|
Sign up to set email alerts
|

A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

Abstract: Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
90
0
1

Year Published

2016
2016
2023
2023

Publication Types

Select...
4
3
1

Relationship

2
6

Authors

Journals

citations
Cited by 149 publications
(91 citation statements)
references
References 110 publications
(115 reference statements)
0
90
0
1
Order By: Relevance
“…Most related studies have been constrained by small sample sizes and predictors that are difficult to generalise across a multitude of semantic attacks. To some extent, this is due to the fact that most researchers focus only on phishing attacks, which is only one section of the problem space [1]. Specialised training systems have been shown to work well [11], as well as technical models combining demographic and behavioural attributes [31], but they are application-specific and do not consider other deception vectors that might be employed in semantic attacks.…”
Section: Predicting Susceptibility a Related Workmentioning
confidence: 99%
See 2 more Smart Citations
“…Most related studies have been constrained by small sample sizes and predictors that are difficult to generalise across a multitude of semantic attacks. To some extent, this is due to the fact that most researchers focus only on phishing attacks, which is only one section of the problem space [1]. Specialised training systems have been shown to work well [11], as well as technical models combining demographic and behavioural attributes [31], but they are application-specific and do not consider other deception vectors that might be employed in semantic attacks.…”
Section: Predicting Susceptibility a Related Workmentioning
confidence: 99%
“…Semantic social engineering attacks target the user-computer interface in order to deceive a user into performing an action that will breach a system's information security [1]. On any system, the user interface is always vulnerable to abuse by authorised users, with or without their knowledge.…”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation
“…Another recent novel taxonomy of SE attacks was proposed by Heartfield and Loukas [15]. It adopts three distinct control stages-orchestration, exploitation and execution, as the basic categories of the taxonomy.…”
Section: A Social Engineering Taxonomiesmentioning
confidence: 99%
“…Specifically, in relation to social media, it is particularly important to be able to tell to what extent users can correctly detect and report deception-based security threats (R. Heartfield and G. Loukas, 2016). In this respect, the related work on user susceptibility to phishing and other semantic social engineering attacks is highly relevant.…”
Section: Related Workmentioning
confidence: 99%