Contemplating social engineering studies and attack scenarios: A review study

The previous year has seen an enormous increase in studies related to social engineering. This increase is partly due to the increasing number of social engineering attacks and partly due to people's inability to identify such attacks. Thus, it is of great importance to find solutions that help people understand social engineering attacks and scenarios. To address this, we have performed a literature review of studies on social engineering in top-notch journals and conferences. In this paper, we list the types of attacks and the persuasion techniques used by social engineers, as reported in the literature. We also bring together the different theories that researchers have used to explain various activities of social engineers. Furthermore, we note that a better understanding of social engineering attack scenarios can be achieved using thematic and game-based analysis techniques. A preliminary empirical evaluation of the proposed game-based method shows overall neutral results. Future extension and evaluation are needed for the proposed methods.
