Skip to main content
SpringerLink
Log in

A Taxonomy of Social Engineering Defense Mechanisms

  • Conference paper
  • First Online:
Advances in Information and Communication (FICC 2020)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1130))

Included in the following conference series:

Abstract

Humans have become the weakest point in the information security chain, and social engineers take advantage of that fact. Social engineers manipulate people psychologically to convince them to divulge sensitive information or to perform malicious acts. Social engineering security attacks can be severe and difficult to detect. Therefore, to prevent these attacks, employees and their organizations should be aware of relevant defense mechanisms. This research develops a taxonomy of social engineering defense mechanisms that can be used to develop educational materials for use in various kinds of organizations. To develop the taxonomy, the authors conducted a systematic literature review of related research efforts and extracted the main target points of social engineers and the defense mechanisms regarding each target point.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Verizon 2018. 2018 data breach investigations report (2018)

    Google Scholar 

  2. Aldawood, H., Skinner, G.: An academic review of current industrial and commercial cyber security social engineering solutions. In: Proceedings of the 3rd International Conference on Cryptography, Security and Privacy, pp. 110–115. ACM (2019)

    Google Scholar 

  3. Applegate, S.D.: Social engineering: hacking the wetware! Inf. Secur. J.: Glob. Perspect. 18(1), 40–46 (2009)

    Google Scholar 

  4. Arachchilage, N.A.G., Love, S.: Security awareness of computer users: a phishing threat avoidance perspective. Comput. Hum. Behav. 38, 304–312 (2014)

    Article  Google Scholar 

  5. Aviv, A.J., Gibson, K.L., Mossop, E., Blaze, M., Smith, J.M.: Smudge attacks on smartphone touch screens. Woot 10, 1–7 (2010)

    Google Scholar 

  6. Bakhshi, T., Papadaki, M., Furnell, S.: A practical assessment of social engineering vulnerabilities. In: HAISA, pp. 12–23 (2008)

    Google Scholar 

  7. Berg, A.: Cracking a social engineer. LAN times (1995)

    Google Scholar 

  8. Beuran, R., Chinen, K., Tan, Y., Shinoda, Y.: Towards effective cybersecurity education and training (2016)

    Google Scholar 

  9. Chitrey, A., Singh, D., Singh, V.: A comprehensive study of social engineering based attacks in india to develop a conceptual model. Int. J. Inf. Netw. Secur. 1(2), 45 (2012)

    Google Scholar 

  10. Choi, M., Levy, Y., Hovav, A.: The role of user computer self-efficacy, cybersecurity countermeasures awareness, and cybersecurity skills influence on computer misuse. In: Proceedings of the Pre-International Conference of Information Systems (ICIS) SIGSEC–Workshop on Information Security and Privacy (WISP) (2013)

    Google Scholar 

  11. Fu, Z., Wu, S.F., Huang, H., Loh, K., Gong, F., Baldine, I., Xu, C.: IPSec/VPN security policy: correctness, conflict detection, and resolution. In: International Workshop on Policies for Distributed Systems and Networks, pp. 39–56. Springer, Heidelberg (2001)

    Google Scholar 

  12. Garba, A.B., Armarego, J., Murray, D., Kenworthy, W.: Review of the information security and privacy challenges in bring your own device (BYOD) environments. J. Inf. Privacy Secur. 11(1), 38–54 (2015)

    Article  Google Scholar 

  13. Ghafir, I., Prenosil, V., Alhejailan, A., Hammoudeh, M.: Social engineering attack strategies and defence approaches. In: 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud), pp. 145–149. IEEE (2016)

    Google Scholar 

  14. Granger, S.: Social engineering fundamentals, part i: Hacker tactics. Security Focus, 18 December 2001

    Google Scholar 

  15. Greening, T.: Ask and ye shall receive: a study in “social engineering”. ACM SIGSAC Rev. 14(2), 8–14 (1996)

    Article  Google Scholar 

  16. Gupta, M., Sharman, R.: Social network theoretic framework for organizational social engineering susceptibility index. In: AMCIS 2006 Proceedings, p. 408 (2006)

    Google Scholar 

  17. Hadnagy, C.: Social Engineering: The Art of Human Hacking. Wiley, Indianapolis (2010)

    Google Scholar 

  18. Happ, C., Melzer, A., Steffgen, G.: Trick with treat-reciprocity increases the willingness to communicate personal data. Comput. Hum. Behav. 61, 372–377 (2016)

    Article  Google Scholar 

  19. Heartfield, R., Loukas, G.: A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks. ACM Comput. Surv. (CSUR) 48(3), 37 (2016)

    Google Scholar 

  20. Herath, T., Rao, H.R.: Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness. Decis. Supp. Syst. 47(2), 154–165 (2009)

    Google Scholar 

  21. Karakasiliotis, A., Furnell, S.M., Papadaki, M.: Assessing end-user awareness of social engineering and phishing (2006)

    Google Scholar 

  22. Krombholz, K., Hobel, H., Huber, M., Weippl, E.: Advanced social engineering attacks. J. Inf. Secur. Appl. 22, 113–122 (2015)

    Google Scholar 

  23. Manske, K.: An introduction to social engineering. Inf. Syst. Secur. 9(5), 1–7 (2000)

    Article  Google Scholar 

  24. Medlin, B.D., Cazier, J.A., Foulk, D.P.: Analyzing the vulnerability of us hospitals to social engineering attacks: how many of your employees would share their password? Int. J. Inf. Secur. Privacy (IJISP), 2(3), 71–83 (2008)

    Google Scholar 

  25. Mouton, F., Malan, M.M., Leenen, L., Venter, H.S.: Social engineering attack framework. In: 2014 Information Security for South Africa, pp. 1–9. IEEE (2014)

    Google Scholar 

  26. Okoli, C., Schabram, K.: A guide to conducting a systematic literature review of information systems research (2010)

    Google Scholar 

  27. Orgill, G.L., Romney, G.W., Bailey, M.G., Orgill, P.M.: The urgency for effective user privacy-education to counter social engineering attacks on secure computer systems. In: Proceedings of the 5th Conference on Information Technology Education, pp. 177–181. ACM (2004)

    Google Scholar 

  28. Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., Zwaans, T.: The human aspects of information security questionnaire (HAIS-Q): two further validation studies. Comput. Secur. 66, 40–51 (2017)

    Article  Google Scholar 

  29. Shane, S., Schmidt, M.S.: Hillary clinton emails take long path to controversy. The New York Times (2015)

    Google Scholar 

  30. Siponen, M.T., Iivari, J.: Is security design theory framework and six approaches to the application of ISPS and guidelines. J. Assoc. Inf. Syst. 7(7), 445–472 (2006)

    Google Scholar 

  31. Stoner, J.A.F.: Risky and cautious shifts in group decisions: the influence of widely held values. J. Exp. Soc. Psychol. 4(4), 442–459 (1968)

    Article  Google Scholar 

  32. Thapar, A.: Social engineering: An attack vector most intricate to tackle. CISSP: Infosec Writers (2007)

    Google Scholar 

  33. Thomas, K., Li, F., Zand, A., Barrett, J., Ranieri, J., Invernizzi, L., Markov, Y., Comanescu, O., Eranti, V., Moscicki, A., et al.: Data breaches, phishing, or malware?: understanding the risks of stolen credentials. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1421–1434. ACM (2017)

    Google Scholar 

  34. Workman, M.: A test of interventions for security threats from social engineering. Inf. Manage. Comput. Secur. 16(5), 463–483 (2008)

    Article  Google Scholar 

Download references

Acknowledgment

The first author was supported by a generous fellowship from Shaqra University, Saudi Arabia. All errors and omissions are the responsibility of the authors alone.

Author information

Authors and Affiliations

  1. Computer Science Department, University of California, Irvine, USA

    Dalal N. Alharthi & Amelia C. Regan

  2. Software Engineering Department, Jordan University of Science and Technology, Irbid, Jordan

    Mahmoud M. Hammad

Authors
  1. Dalal N. Alharthi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mahmoud M. Hammad
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Amelia C. Regan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dalal N. Alharthi .

Editor information

Editors and Affiliations

  1. Faculty of Science and Engineering, Saga University, Saga, Japan

    Kohei Arai

  2. The Science and Information (SAI) Organization, Bradford, West Yorkshire, UK

    Supriya Kapoor

  3. The Science and Information (SAI) Organization, Bradford, West Yorkshire, UK

    Rahul Bhatia

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Alharthi, D.N., Hammad, M.M., Regan, A.C. (2020). A Taxonomy of Social Engineering Defense Mechanisms. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Advances in Information and Communication. FICC 2020. Advances in Intelligent Systems and Computing, vol 1130. Springer, Cham. https://doi.org/10.1007/978-3-030-39442-4_3

Download citation

Publish with us

Policies and ethics

Search

Navigation