Abstract
Due to improvements in data communication technology, people anywhere in the world can communicate with each other instantly. Private and confidential information available on virtual communities and e-services is not protected because of the absence of security procedures. Communication systems are therefore more exposed and can be breached by malevolent users by means of social engineering attacks. These attacks work by misleading people or organizations into performing activities that are advantageous to attackers or into giving up secret information such as transaction codes, unique identification numbers, medical archives, and passwords. Social engineering is one of the major challenges in the field of security because it misuses the human inclination toward trust. This paper presents a detailed review of social engineering attacks, taxonomies, detection approaches, and prevention measures.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Subbalakshmi, C., Pareek, P.K., Sayal, R. (2022). A Study on Social Engineering Attacks in Cybersecurity. In: Saini, H.S., Sayal, R., Govardhan, A., Buyya, R. (eds) Innovations in Computer Science and Engineering. Lecture Notes in Networks and Systems, vol 385. Springer, Singapore. https://doi.org/10.1007/978-981-16-8987-1_7
DOI: https://doi.org/10.1007/978-981-16-8987-1_7
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-8986-4
Online ISBN: 978-981-16-8987-1
eBook Packages: Intelligent Technologies and Robotics (R0)