Research Article

Social Engineering Attacks: A Clearer Perspective

by Samuel Adu-Gyimah, George Asante, Oliver Kufuor Boansi
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 184 - Number 8
Year of Publication: 2022
DOI: 10.5120/ijca2022922057

Samuel Adu-Gyimah, George Asante, Oliver Kufuor Boansi. Social Engineering Attacks: A Clearer Perspective. International Journal of Computer Applications. 184, 8 (Apr 2022), 53-62. DOI=10.5120/ijca2022922057

@article{ 10.5120/ijca2022922057,
author = { Samuel Adu-Gyimah and George Asante and Oliver Kufuor Boansi },
title = { Social Engineering Attacks: A Clearer Perspective },
journal = { International Journal of Computer Applications },
issue_date = { Apr 2022 },
volume = { 184 },
number = { 8 },
month = { Apr },
year = { 2022 },
issn = { 0975-8887 },
pages = { 53-62 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume184/number8/32353-2022922057/ },
doi = { 10.5120/ijca2022922057 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:20:59.961963+05:30
%A Samuel Adu-Gyimah
%A George Asante
%A Oliver Kufuor Boansi
%T Social Engineering Attacks: A Clearer Perspective
%J International Journal of Computer Applications
%@ 0975-8887
%V 184
%N 8
%P 53-62
%D 2022
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Modern times have seen a rise in technology and its associated tools. The rapid development of technology has been accompanied by what the researchers term diabolic computing, and the advancement of technology has moved along with security risks and threats. Cybercriminals are aware of the potential the internet has for connecting billions of people across the world. Their operations have also focused on the exploitation of users, since humans are perceived to be the weakest link in every firm or establishment. These attacks that exploit humans are termed social engineering. The internet community is the biggest casualty of social engineering attacks. Social engineering attacks are dangerous and can lead to financial losses, data losses, and even denial of service. These can affect an organization’s reputation. The effects of social engineering attacks are very treacherous. Some have long-standing effects and can also result in the closure of businesses. The study gives a clearer view of social engineering attacks. This view creates awareness of social engineering, and this awareness helps to mitigate the various social engineering attacks. The study is focused on computer and internet users. The study reviews the concept of social engineering, its various attack methods, and how to mitigate them. The study concludes with a summary of SE attacks and appropriate countermeasures.

Index Terms

Computer Science
Information Sciences

Keywords

Cybercriminals, Social Engineering, cyber-attacks, in-person, technology-based, mitigate, Cyber Security