Premium
Understanding and deciphering of social engineering attack scenarios
Author(s) -
Yasin Affan,
Fatima Rubia,
Liu Lin,
Wang Jianmin,
Ali Raian,
Wei Ziqi
Publication year - 2021
Publication title -
security and privacy
Language(s) - English
Resource type - Journals
ISSN - 2475-6725
DOI - 10.1002/spy2.161
Subject(s) - social engineering (security) , public opinion , body of knowledge , social knowledge , computer science , knowledge engineering , computer security , knowledge management , internet privacy , engineering ethics , public relations , data science , engineering , political science , sociology , social science , politics , law
Malicious scammers and social engineers are causing great harms to modern society, as they have led to the loss of data, information, money, and many more for individuals and companies. Knowledge about social engineering (SE) is wide‐spread and it exits in non‐academic papers and communication channels. Knowledge is mostly based on expert opinion and experience reports. Such knowledge, if articulated, can provide a valid source of knowledge and information. We performed the analysis of such sources, guided by academic principles around SE, and solicit existing SE scenarios from public awareness education materials, news stories, research literature, official advisories to public departments. We adopted grounded theory to extract the general knowledge behind SE, such as, attacking cycles, information gathering strategies, psychological principles, attack vectors, and so on. In this article, we aim to review and synthesize a body of knowledge (rationale and motivation of social engineers). The study aims to: (a) understand the rationale of social engineers; (b) capture the knowledge of SE attacks and extract important information from the sources; (c) propose an activity for counteracting SE attacks, and how it can be used in security education.