A Study on Social Engineering Attacks in Cybersecurity

  • Conference paper
Innovations in Computer Science and Engineering

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 385)

Abstract

Improvements in data communication technology allow people anywhere in the world to communicate with each other instantly. Private and confidential information available in virtual communities and e-services is not protected because of the absence of security procedures. Communication systems are therefore more exposed and can be breached by malevolent users by means of social engineering attacks. These attacks work by misleading people or organizations into performing activities that are advantageous to attackers or into giving up secret information such as transaction codes, unique identification numbers, medical archives, and passwords. Social engineering is one of the major challenges in the field of security because it exploits the human inclination toward trust. This paper presents a detailed review of social engineering attacks, taxonomies, detection approaches, and prevention measures.

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Subbalakshmi, C., Pareek, P.K., Sayal, R. (2022). A Study on Social Engineering Attacks in Cybersecurity. In: Saini, H.S., Sayal, R., Govardhan, A., Buyya, R. (eds) Innovations in Computer Science and Engineering. Lecture Notes in Networks and Systems, vol 385. Springer, Singapore. https://doi.org/10.1007/978-981-16-8987-1_7
