An Advanced Taxonomy for Social Engineering Attacks
TLDR
This study creates an advanced taxonomy of social engineering attacks with the aim of facilitating the development and implementation of better prevention measures, stressing the importance of organizational awareness.Abstract:
Rapid technological advancement has not only resulted in a change in the pace of economic development, but also led to increase in cyber-threats. A social engineering attack is one such threat where an attacker not only accesses critical information about a user through technology, but also through manipulation. Although the types of attacks are different i.e. social, physical, technical or socio-technical, the process is the same. This study creates an advanced taxonomy of social engineering attacks with the aim of facilitating the development and implementation of better prevention measures, stressing the importance of organizational awareness.read more
Citations
More filters
Journal ArticleDOI
A Taxonomy for Threat Actors’ Delivery Techniques
TL;DR: This paper proposes a novel taxonomy for delivery techniques, which allows the detection of novel techniques and the identification of appropriate countermeasures, and significantly reduces the amount of effort needed to identify, analyze, and neutralize hostile activities from advanced threat actors, in particular their initial access stage.
Proceedings ArticleDOI
Triggering Empathy out of Malicious Intent: The Role of Empathy in Social Engineering Attacks
TL;DR: In this article , the tension between positive and negative aspects of empathy in HCI as it pertains to security-relevant behaviors is discussed. But they focus on the malicious ways in which empathy can be instrumentalized in social engineering and explore potential solutions (including the automated detection of empathy-triggering communication, or of empathetic communication on the part of a potential victim).
Journal ArticleDOI
Catch Me if You Can : "Delaying" as a Social Engineering Technique in the Post-Attack Phase
TL;DR: In this article , the authors conducted 17 narrative interviews with victims of cyber fraud and found that while it was seen to be important for victims to act immediately and to take countermeasures against attack, they often did not do so.
Journal ArticleDOI
Social Engineering Attacks in E-Government System: Detection and Prevention
TL;DR: The study identified phishing, Baiting, Pretexting, Quid Pro Quo, Honey Trap, Tail Gating, and Pharming as the major SEA techniques used to exploit E-government systems.
References
More filters
Proceedings ArticleDOI
A taxonomy of computer worms
TL;DR: A preliminary taxonomy based on worm target discovery and selection strategies, worm carrier mechanisms, worm activation, possible payloads, and plausible attackers who would employ a worm is described.
The Secure Sockets Layer (SSL) Protocol Version 3.0
TL;DR: This document specifies Version 3.0 of the Secure Sockets Layer protocol, a security protocol that provides communications privacy over the Internet that is designed to prevent eavesdropping, tampering, or message forgery.
Journal ArticleDOI
Advanced social engineering attacks
TL;DR: This paper provides a taxonomy of well-known social engineering attacks as well as a comprehensive overview of advanced socialengineering attacks on the knowledge worker.
Proceedings ArticleDOI
Uncovering Large Groups of Active Malicious Accounts in Online Social Networks
TL;DR: This work designs and implements a malicious account detection system called SynchroTrap that clusters user accounts according to the similarity of their actions and uncovers large groups of malicious accounts that act similarly at around the same time for a sustained period of time.