Toward understanding social engineering

There is no doubt that social engineering plays a vital role in compromising most security defenses, and in attacks on people, organizations, companies, or even governments. It is the art of deceiving and tricking people into revealing critical information or performing an action that benefits the attacker in some way. Fraudulent and deceptive people have been using social engineering traps and tactics, delivered through information technology such as e-mails, social networks, web sites, and applications, to trick victims into obeying them, accepting threats, and falling victim to various crimes and attacks such as phishing, sexual abuse, financial abuse, identity theft, impersonation, physical crime, and many other forms of attack. Although organizations, researchers, practitioners, and lawyers recognize the severe risk of social engineering-based threats, there is a severe lack of understanding and control of such threats. One side of the problem is perhaps the unclear concept of social engineering, as well as the complexity of understanding how humans behave toward, approach, accept, and fail to recognize threats or the deception behind them. The aim of this paper is to explain the definition of social engineering based on the related theories of the many related disciplines such as psychology, sociology, information technology, marketing, and behaviourism. We hope, by this work, to help researchers, practitioners, lawyers, and other decision makers to get a fuller picture of social engineering and, therefore, to open new directions of collaboration toward detecting and controlling it.
