TY - JOUR
T1 - Understanding and deciphering of social engineering attack scenarios
AU - Yasin, Affan
AU - Fatima, Rubia
AU - Liu, Lin
AU - Wang, Jianmin
AU - Ali, Raian
AU - Wei, Ziqi
PY - 2021/7
Y1 - 2021/7
N2 - Malicious scammers and social engineers are causing great harms to modern society, as they have led to the loss of data, information, money, and many more for individuals and companies. Knowledge about social engineering (SE) is wide-spread and it exits in non-academic papers and communication channels. Knowledge is mostly based on expert opinion and experience reports. Such knowledge, if articulated, can provide a valid source of knowledge and information. We performed the analysis of such sources, guided by academic principles around SE, and solicit existing SE scenarios from public awareness education materials, news stories, research literature, official advisories to public departments. We adopted grounded theory to extract the general knowledge behind SE, such as, attacking cycles, information gathering strategies, psychological principles, attack vectors, and so on. In this article, we aim to review and synthesize a body of knowledge (rationale and motivation of social engineers). The study aims to: (a) understand the rationale of social engineers; (b) capture the knowledge of SE attacks and extract important information from the sources; (c) propose an activity for counteracting SE attacks, and how it can be used in security education.
AB - Malicious scammers and social engineers are causing great harms to modern society, as they have led to the loss of data, information, money, and many more for individuals and companies. Knowledge about social engineering (SE) is wide-spread and it exits in non-academic papers and communication channels. Knowledge is mostly based on expert opinion and experience reports. Such knowledge, if articulated, can provide a valid source of knowledge and information. We performed the analysis of such sources, guided by academic principles around SE, and solicit existing SE scenarios from public awareness education materials, news stories, research literature, official advisories to public departments. We adopted grounded theory to extract the general knowledge behind SE, such as, attacking cycles, information gathering strategies, psychological principles, attack vectors, and so on. In this article, we aim to review and synthesize a body of knowledge (rationale and motivation of social engineers). The study aims to: (a) understand the rationale of social engineers; (b) capture the knowledge of SE attacks and extract important information from the sources; (c) propose an activity for counteracting SE attacks, and how it can be used in security education.
KW - Attack cycle
KW - Cyber-crime
KW - Cyber-security
KW - Education
KW - Human factors
KW - Human-centered
KW - i (iStar model)
KW - Information security
KW - Social engineering
UR - https://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=hbku_researchportal&SrcAuth=WosAPI&KeyUT=WOS:000710531900001&DestLinkType=FullRecord&DestApp=WOS_CPL
U2 - 10.1002/spy2.161
DO - 10.1002/spy2.161
M3 - Article
SN - 2475-6725
VL - 4
JO - Security and Privacy
JF - Security and Privacy
IS - 4
M1 - e161
ER -