An Advanced Taxonomy for Social Engineering Attacks

Abstract: Rapid technological advancement has not only resulted in a change in the pace of economic development, but also led to increase in cyber-threats. A social engineering attack is one such threat where an attacker not only accesses critical information about a user through technology, but also through manipulation. Although the types of attacks are different i.e. social, physical, technical or socio-technical, the process is the same. This study creates an advanced taxonomy of social engineering attacks with the … Show more

“…But because these attacks are conducted in person and therefore, compare to software or computer-based attacks the number of targets in humanbased attacks is limited (Krombholz, 2015). Types of Humanbased attack techniques can be shoulder sniffing, persuading or dumpster diving (Aldawood and Skinner, 2020).…”

“…It is the process in which the attackers send messages or emails containing malicious content, but they make it look like they came from legitimate and trustworthy sources. The phishing emails and messages normally contain website links that direct victims to the website with malicious scripts (Aldawood and Skinner, 2020).…”

“…The message sent to the victim includes the information familiar to him. The attackers do this attack after doing proper research about the victim and making the message look like it came from an authentic source (Aldawood and Skinner, 2020).…”

“…As the companies use access cards or identity cards to get access into the building but attackers follow the person who has the access and when that person sees someone coming after him, in courtesy that person might hold the door for the one coming after him (attacker) and this way the attacker can easily get into the building. (Aldawood and Skinner, 2020). Or even if that person does not hold the door the attacker will try to enter before the door closes.…”

Social Engineering: Concepts, Techniques, and Security Countermeasures

“…But because these attacks are conducted in person and therefore, compare to software or computer-based attacks the number of targets in humanbased attacks is limited (Krombholz, 2015). Types of Humanbased attack techniques can be shoulder sniffing, persuading or dumpster diving (Aldawood and Skinner, 2020).…”

“…It is the process in which the attackers send messages or emails containing malicious content, but they make it look like they came from legitimate and trustworthy sources. The phishing emails and messages normally contain website links that direct victims to the website with malicious scripts (Aldawood and Skinner, 2020).…”

“…The message sent to the victim includes the information familiar to him. The attackers do this attack after doing proper research about the victim and making the message look like it came from an authentic source (Aldawood and Skinner, 2020).…”

“…As the companies use access cards or identity cards to get access into the building but attackers follow the person who has the access and when that person sees someone coming after him, in courtesy that person might hold the door for the one coming after him (attacker) and this way the attacker can easily get into the building. (Aldawood and Skinner, 2020). Or even if that person does not hold the door the attacker will try to enter before the door closes.…”

Social Engineering: Concepts, Techniques, and Security Countermeasures

“…The most common attacks, such as phishing, use the techniques of Social Engineering [10]. Social Engineering strategies deceive victims by taking data that are important for access to financial or other data by exploiting the trust, motives, habits, and behavior of individuals to manipulate them [11,12].…”

Are You a Soft Target for Cyber Attack? Drivers of Susceptibility to Social Engineering-Based Cyber Attack (SECA): A Case Study of Mobile Messaging Application

The Power of Persuasion: Exploring Social Engineering in the Digital Age