Social engineering, in the context of information security, is the exploitation of human psychology to gain access to secure data. Human emotion can act as both a strength and a weakness. In a world booming with technology, human emotions that are otherwise unrelated to technology are made relevant to it through social engineering. Social engineering employs ‘traps’ to prey on human emotion and its vulnerability, taking advantage of the flaws of human psychology. Information security breaches that utilise social engineering techniques are so numerous that social engineering in this context is a topic which cannot be neglected. This research paper presents an overview of social engineering attacks and suggested defence mechanisms. An introduction to social engineering attacks is given, with reference to current trends and related vulnerabilities. The main reasons for the spread of social engineering attacks in the current context are also presented. Attack frameworks are presented, and defence approaches are proposed at the end.