An Overview of Social Engineering
Social engineering preys on the fact that humans are the weakest link in information security. This article explains the social engineering model, outlines the two categories of social engineering attacks, and discusses techniques for preventing and mitigating social engineering.
The advancements in digital communication technology have made communication between humans more accessible and instant. However, personal and sensitive information may be available online through social networks and online services that lack the security measures to protect this information. Communication systems are vulnerable and can easily be penetrated by malicious users through social engineering attacks. These attacks aim at tricking individuals or enterprises into accomplishing actions that benefit attackers or providing them with sensitive data such as social security number, health records, and passwords. Social engineering is one of the biggest challenges facing network security because it exploits the natural human tendency to trust. This paper provides an in-depth survey about the social engineering attacks, their classifications, detection strategies, and prevention procedures.
Keywords: social engineering attacks; cyber security; phishing; vishing; spear phishing; scams; baiting; robocalls