A Comprehensive Taxonomy of Social Engineering Attacks and Defense Mechanisms: Toward Effective Mitigation Strategies

Social engineering (SE) attacks are a growing concern for organizations that rely on technology to protect sensitive data. Identifying and preventing these attacks can be challenging, as they frequently rely on manipulating human behavior rather than exploiting technical vulnerabilities. Although va...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access 2024, Vol.12, p.72224-72241
Main Authors: Zaoui, Mohamed, Yousra, Belfaik, Yassine, Sadqi, Yassine, Maleh, Karim, Ouazzane
Format: Article
Language:English
Subjects:
Classification
Computer crime
Computer security
Cybersecurity
Defense mechanisms
Literature reviews
Organizations
Passwords
Phishing
Security
social engineering
Social engineering (security)
social engineering attacks
social engineering measures
social engineering taxonomy
Standards organizations
Taxonomy
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Social engineering (SE) attacks are a growing concern for organizations that rely on technology to protect sensitive data. Identifying and preventing these attacks can be challenging, as they frequently rely on manipulating human behavior rather than exploiting technical vulnerabilities. Although various studies have explored SE attacks and their defense mechanisms, there remains a gap in the literature concerning the holistic and layered classification of these threats and countermeasures. To address this, we conducted a comprehensive literature survey to understand existing taxonomies and subsequently identified areas that required a more structured and exhaustive categorization. Based on the survey results, we propose a comprehensive taxonomy of SE attacks, classifying them based on three levels: environment, approaches, and mediums. Additionally, we present a taxonomy of social engineering countermeasures, encompassing both technical and non-technical solutions. The proposed taxonomies serve as a foundation for future research and offer organizations a valuable framework for developing effective strategies to detect, prevent, and respond to social engineering incidents.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2024.3403197