Social Engineering 2.0: A Foundational Work: Invited Paper

During the past few years, social engineering has rapidly evolved and has become a mainstream technique in cybercrime and terrorism. It is used especially in targeted attacks involving complex human and technological exploits, aimed at deceiving humans and IT systems. Building on the work carried out in the DOGANA project, funded by the European Union, this paper provides an overview of the evolution and of the current landscape of social engineering, and introduces as its main contribution a theoretical model of how human exploits are built, named the Victim Communication Stack.

[1]  Sarah Granger,et al.  Social Engineering Fundamentals, Part I: Hacker Tactics , 2003 .

[2]  Alan F. Smeaton,et al.  Combining Social Network Analysis and Sentiment Analysis to Explore the Potential for Online Radicalisation , 2009, 2009 International Conference on Advances in Social Network Analysis and Mining.

[3]  Enrico Frumento,et al.  How the Evolution of Workforces Influences Cybercrime Strategies: The Example of Healthcare , 2016 .

[4]  I. Mann Hacking the Human: Social Engineering Techniques and Security Countermeasures , 2008 .

[5]  S. Blackmore The Meme Machine , 1999 .

[6]  Yue Xu,et al.  Social engineering in social networking sites: Affect-based model , 2013, 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013).

[7]  William L. Simon,et al.  The Art of Deception: Controlling the Human Element of Security , 2001 .

[8]  Douglas Otis,et al.  Operation Pawn Storm Using Decoys to Evade Detection , 2014 .

[9]  G. Farrell,et al.  OF TARGETS AND SUPERTARGETS: A ROUTINE ACTIVITY THEORY OF HIGH CRIME RATES , 2005 .

[10]  Aziz Mohaisen,et al.  The Landscape of Domain Name Typosquatting: Techniques and Countermeasures , 2016, 2016 11th International Conference on Availability, Reliability and Security (ARES).

[11]  William L. Simon,et al.  The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers , 2005 .

[12]  E. Frumento,et al.  Pfeiffer An innovative and comprehensive framework for Social Vulnerability Assessment , 2014 .

[13]  Stewart Kowalski,et al.  Towards Automating Social Engineering Using Social Networking Sites , 2009, 2009 International Conference on Computational Science and Engineering.