An Overview of Social Engineering

Social engineering preys on the fact that humans are the weakest link in information security. This article explains the social engineering model, outlines the two categories of social engineering attacks, and discusses techniques for preventing and mitigating social engineering.

3. Social Engineering Attacks

Currently, social engineering attacks are among the most serious threats facing cybersecurity. According to the authors of, they can be detected but not stopped. Social engineers exploit victims to obtain sensitive information, which is then used for a specific purpose or sold on the black market and the dark web. With the advent of Big Data, attackers also aggregate stolen data in bulk and sell it as a commodity in today's underground markets.

Although social engineering attacks differ from each other, they follow a common pattern with similar phases. The common pattern involves four phases: (1) collect information about the target; (2) develop a relationship with the target; (3) exploit the available information and execute the attack; and (4) exit without leaving traces. Figure 1 illustrates the different stages of a social engineering attack.

Figure 1. Social engineering attack stages

In the research phase, also called information gathering, the attacker selects a target that meets certain requirements and collects information about it. In the hook phase, the attacker begins to gain the victim's trust through direct contact or e-mail communication. In the play phase, the attacker influences the victim emotionally so that they disclose sensitive information or make security mistakes. In the out phase, the attacker withdraws without leaving any evidence. These four stages correspond to the four phases listed above: research to information collection, hook to relationship development, play to exploitation and execution, and out to the traceless exit.