Loading…
Social engineering attack examples, templates and scenarios
The field of information security is a fast-growing discipline. Even though the effectiveness of security measures to protect sensitive information is increasing, people remain susceptible to manipulation and thus the human element remains a weak link. A social engineering attack targets this weakne...
Saved in:
| Published in: | Computers & security 2016-06, Vol.59, p.186-209 |
|---|---|
| Main Authors: | , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that this one cites Items that cite this one |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | cdi_FETCH-LOGICAL-c405t-bf2f6cac5b194f16592523f286337e914f7a66846ef5adb820a4aacb6cfda0c83 |
|---|---|
| cites | cdi_FETCH-LOGICAL-c405t-bf2f6cac5b194f16592523f286337e914f7a66846ef5adb820a4aacb6cfda0c83 |
| container_end_page | 209 |
| container_issue | |
| container_start_page | 186 |
| container_title | Computers & security |
| container_volume | 59 |
| creator | Mouton, Francois Leenen, Louise Venter, H.S. |
| description | The field of information security is a fast-growing discipline. Even though the effectiveness of security measures to protect sensitive information is increasing, people remain susceptible to manipulation and thus the human element remains a weak link. A social engineering attack targets this weakness by using various manipulation techniques to elicit sensitive information. The field of social engineering is still in its early stages with regard to formal definitions, attack frameworks and templates of attacks. This paper proposes detailed social engineering attack templates that are derived from real-world social engineering examples. Current documented examples of social engineering attacks do not include all the attack steps and phases. The proposed social engineering attack templates attempt to alleviate the problem of limited documented literature on social engineering attacks by mapping the real-world examples to the social engineering attack framework. Mapping several similar real-world examples to the social engineering attack framework allows one to establish a detailed flow of the attack whilst abstracting subjects and objects. This mapping is then utilised to propose the generalised social engineering attack templates that are representative of real-world examples, whilst still being general enough to encompass several different real-world examples. The proposed social engineering attack templates cover all three types of communication, namely bidirectional communication, unidirectional communication and indirect communication. In order to perform comparative studies of different social engineering models, processes and frameworks, it is necessary to have a formalised set of social engineering attack scenarios that are fully detailed in every phase and step of the process. The social engineering attack templates are converted to social engineering attack scenarios by populating the template with both subjects and objects from real-world examples whilst still maintaining the detailed flow of the attack as provided in the template. Furthermore, this paper illustrates how the social engineering attack scenarios are applied to verify a social engineering attack detection model. These templates and scenarios can be used by other researchers to either expand on, use for comparative measures, create additional examples or evaluate models for completeness. Additionally, the proposed social engineering attack templates can also be used to develop social |
| doi_str_mv | 10.1016/j.cose.2016.03.004 |
| format | article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1816031155</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0167404816300268</els_id><sourcerecordid>1816031155</sourcerecordid><originalsourceid>FETCH-LOGICAL-c405t-bf2f6cac5b194f16592523f286337e914f7a66846ef5adb820a4aacb6cfda0c83</originalsourceid><addsrcrecordid>eNp9kD9PwzAQxS0EEqXwBZgisTCQcHYcxxUsqOKfVIkBmK2Lc64c0qTYKYJvT0qZGJjuSfd7p3ePsVMOGQeuLpvM9pEyMeoM8gxA7rEJ16VIlQC9zybjokwlSH3IjmJsAHiptJ6wq-feemwT6pa-Iwq-WyY4DGjfEvrE1bqleJEMNAocKCbY1Um01GHwfTxmBw7bSCe_c8pe725f5g_p4un-cX6zSK2EYkgrJ5yyaIuKz6TjqpiJQuROaJXnJc24dCUqpaUiV2BdaQEoEW2lrKsRrM6n7Hx3dx369w3Fwaz8GKJtsaN-Ew3XXEHOeVGM6NkftOk3oRvTGV7qslQiBzlSYkfZ0McYyJl18CsMX4aD2fZpGrPt02z7NJAb-DFd70w0vvrhKZhoPXWWah_IDqbu_X_2b2txfcU</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1787762304</pqid></control><display><type>article</type><title>Social engineering attack examples, templates and scenarios</title><source>ScienceDirect Journals</source><creator>Mouton, Francois ; Leenen, Louise ; Venter, H.S.</creator><creatorcontrib>Mouton, Francois ; Leenen, Louise ; Venter, H.S.</creatorcontrib><description>The field of information security is a fast-growing discipline. Even though the effectiveness of security measures to protect sensitive information is increasing, people remain susceptible to manipulation and thus the human element remains a weak link. A social engineering attack targets this weakness by using various manipulation techniques to elicit sensitive information. The field of social engineering is still in its early stages with regard to formal definitions, attack frameworks and templates of attacks. This paper proposes detailed social engineering attack templates that are derived from real-world social engineering examples. Current documented examples of social engineering attacks do not include all the attack steps and phases. The proposed social engineering attack templates attempt to alleviate the problem of limited documented literature on social engineering attacks by mapping the real-world examples to the social engineering attack framework. Mapping several similar real-world examples to the social engineering attack framework allows one to establish a detailed flow of the attack whilst abstracting subjects and objects. This mapping is then utilised to propose the generalised social engineering attack templates that are representative of real-world examples, whilst still being general enough to encompass several different real-world examples. The proposed social engineering attack templates cover all three types of communication, namely bidirectional communication, unidirectional communication and indirect communication. In order to perform comparative studies of different social engineering models, processes and frameworks, it is necessary to have a formalised set of social engineering attack scenarios that are fully detailed in every phase and step of the process. The social engineering attack templates are converted to social engineering attack scenarios by populating the template with both subjects and objects from real-world examples whilst still maintaining the detailed flow of the attack as provided in the template. Furthermore, this paper illustrates how the social engineering attack scenarios are applied to verify a social engineering attack detection model. These templates and scenarios can be used by other researchers to either expand on, use for comparative measures, create additional examples or evaluate models for completeness. Additionally, the proposed social engineering attack templates can also be used to develop social engineering awareness material.</description><identifier>ISSN: 0167-4048</identifier><identifier>EISSN: 1872-6208</identifier><identifier>DOI: 10.1016/j.cose.2016.03.004</identifier><identifier>CODEN: CPSEDU</identifier><language>eng</language><publisher>Amsterdam: Elsevier Ltd</publisher><subject>Bidirectional communication ; Computer information security ; Data integrity ; Engineering ; Human ; Indirect communication ; Intrusion detection systems ; Leaking of information ; Links ; Manipulation ; Mapping ; Mitnick's attack cycle ; Social engineering ; Social engineering attack detection model ; Social engineering attack examples ; Social engineering attack framework ; Social engineering attack scenario ; Social engineering attack templates ; Studies ; Unidirectional communication</subject><ispartof>Computers & security, 2016-06, Vol.59, p.186-209</ispartof><rights>2016 Elsevier Ltd</rights><rights>Copyright Elsevier Sequoia S.A. Jun 2016</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c405t-bf2f6cac5b194f16592523f286337e914f7a66846ef5adb820a4aacb6cfda0c83</citedby><cites>FETCH-LOGICAL-c405t-bf2f6cac5b194f16592523f286337e914f7a66846ef5adb820a4aacb6cfda0c83</cites><orcidid>0000-0001-8804-7601</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27923,27924</link.rule.ids></links><search><creatorcontrib>Mouton, Francois</creatorcontrib><creatorcontrib>Leenen, Louise</creatorcontrib><creatorcontrib>Venter, H.S.</creatorcontrib><title>Social engineering attack examples, templates and scenarios</title><title>Computers & security</title><description>The field of information security is a fast-growing discipline. Even though the effectiveness of security measures to protect sensitive information is increasing, people remain susceptible to manipulation and thus the human element remains a weak link. A social engineering attack targets this weakness by using various manipulation techniques to elicit sensitive information. The field of social engineering is still in its early stages with regard to formal definitions, attack frameworks and templates of attacks. This paper proposes detailed social engineering attack templates that are derived from real-world social engineering examples. Current documented examples of social engineering attacks do not include all the attack steps and phases. The proposed social engineering attack templates attempt to alleviate the problem of limited documented literature on social engineering attacks by mapping the real-world examples to the social engineering attack framework. Mapping several similar real-world examples to the social engineering attack framework allows one to establish a detailed flow of the attack whilst abstracting subjects and objects. This mapping is then utilised to propose the generalised social engineering attack templates that are representative of real-world examples, whilst still being general enough to encompass several different real-world examples. The proposed social engineering attack templates cover all three types of communication, namely bidirectional communication, unidirectional communication and indirect communication. In order to perform comparative studies of different social engineering models, processes and frameworks, it is necessary to have a formalised set of social engineering attack scenarios that are fully detailed in every phase and step of the process. The social engineering attack templates are converted to social engineering attack scenarios by populating the template with both subjects and objects from real-world examples whilst still maintaining the detailed flow of the attack as provided in the template. Furthermore, this paper illustrates how the social engineering attack scenarios are applied to verify a social engineering attack detection model. These templates and scenarios can be used by other researchers to either expand on, use for comparative measures, create additional examples or evaluate models for completeness. Additionally, the proposed social engineering attack templates can also be used to develop social engineering awareness material.</description><subject>Bidirectional communication</subject><subject>Computer information security</subject><subject>Data integrity</subject><subject>Engineering</subject><subject>Human</subject><subject>Indirect communication</subject><subject>Intrusion detection systems</subject><subject>Leaking of information</subject><subject>Links</subject><subject>Manipulation</subject><subject>Mapping</subject><subject>Mitnick's attack cycle</subject><subject>Social engineering</subject><subject>Social engineering attack detection model</subject><subject>Social engineering attack examples</subject><subject>Social engineering attack framework</subject><subject>Social engineering attack scenario</subject><subject>Social engineering attack templates</subject><subject>Studies</subject><subject>Unidirectional communication</subject><issn>0167-4048</issn><issn>1872-6208</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2016</creationdate><recordtype>article</recordtype><recordid>eNp9kD9PwzAQxS0EEqXwBZgisTCQcHYcxxUsqOKfVIkBmK2Lc64c0qTYKYJvT0qZGJjuSfd7p3ePsVMOGQeuLpvM9pEyMeoM8gxA7rEJ16VIlQC9zybjokwlSH3IjmJsAHiptJ6wq-feemwT6pa-Iwq-WyY4DGjfEvrE1bqleJEMNAocKCbY1Um01GHwfTxmBw7bSCe_c8pe725f5g_p4un-cX6zSK2EYkgrJ5yyaIuKz6TjqpiJQuROaJXnJc24dCUqpaUiV2BdaQEoEW2lrKsRrM6n7Hx3dx369w3Fwaz8GKJtsaN-Ew3XXEHOeVGM6NkftOk3oRvTGV7qslQiBzlSYkfZ0McYyJl18CsMX4aD2fZpGrPt02z7NJAb-DFd70w0vvrhKZhoPXWWah_IDqbu_X_2b2txfcU</recordid><startdate>201606</startdate><enddate>201606</enddate><creator>Mouton, Francois</creator><creator>Leenen, Louise</creator><creator>Venter, H.S.</creator><general>Elsevier Ltd</general><general>Elsevier Sequoia S.A</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>K7.</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0001-8804-7601</orcidid></search><sort><creationdate>201606</creationdate><title>Social engineering attack examples, templates and scenarios</title><author>Mouton, Francois ; Leenen, Louise ; Venter, H.S.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c405t-bf2f6cac5b194f16592523f286337e914f7a66846ef5adb820a4aacb6cfda0c83</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2016</creationdate><topic>Bidirectional communication</topic><topic>Computer information security</topic><topic>Data integrity</topic><topic>Engineering</topic><topic>Human</topic><topic>Indirect communication</topic><topic>Intrusion detection systems</topic><topic>Leaking of information</topic><topic>Links</topic><topic>Manipulation</topic><topic>Mapping</topic><topic>Mitnick's attack cycle</topic><topic>Social engineering</topic><topic>Social engineering attack detection model</topic><topic>Social engineering attack examples</topic><topic>Social engineering attack framework</topic><topic>Social engineering attack scenario</topic><topic>Social engineering attack templates</topic><topic>Studies</topic><topic>Unidirectional communication</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Mouton, Francois</creatorcontrib><creatorcontrib>Leenen, Louise</creatorcontrib><creatorcontrib>Venter, H.S.</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Criminal Justice (Alumni)</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computers & security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Mouton, Francois</au><au>Leenen, Louise</au><au>Venter, H.S.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Social engineering attack examples, templates and scenarios</atitle><jtitle>Computers & security</jtitle><date>2016-06</date><risdate>2016</risdate><volume>59</volume><spage>186</spage><epage>209</epage><pages>186-209</pages><issn>0167-4048</issn><eissn>1872-6208</eissn><coden>CPSEDU</coden><abstract>The field of information security is a fast-growing discipline. Even though the effectiveness of security measures to protect sensitive information is increasing, people remain susceptible to manipulation and thus the human element remains a weak link. A social engineering attack targets this weakness by using various manipulation techniques to elicit sensitive information. The field of social engineering is still in its early stages with regard to formal definitions, attack frameworks and templates of attacks. This paper proposes detailed social engineering attack templates that are derived from real-world social engineering examples. Current documented examples of social engineering attacks do not include all the attack steps and phases. The proposed social engineering attack templates attempt to alleviate the problem of limited documented literature on social engineering attacks by mapping the real-world examples to the social engineering attack framework. Mapping several similar real-world examples to the social engineering attack framework allows one to establish a detailed flow of the attack whilst abstracting subjects and objects. This mapping is then utilised to propose the generalised social engineering attack templates that are representative of real-world examples, whilst still being general enough to encompass several different real-world examples. The proposed social engineering attack templates cover all three types of communication, namely bidirectional communication, unidirectional communication and indirect communication. In order to perform comparative studies of different social engineering models, processes and frameworks, it is necessary to have a formalised set of social engineering attack scenarios that are fully detailed in every phase and step of the process. The social engineering attack templates are converted to social engineering attack scenarios by populating the template with both subjects and objects from real-world examples whilst still maintaining the detailed flow of the attack as provided in the template. Furthermore, this paper illustrates how the social engineering attack scenarios are applied to verify a social engineering attack detection model. These templates and scenarios can be used by other researchers to either expand on, use for comparative measures, create additional examples or evaluate models for completeness. Additionally, the proposed social engineering attack templates can also be used to develop social engineering awareness material.</abstract><cop>Amsterdam</cop><pub>Elsevier Ltd</pub><doi>10.1016/j.cose.2016.03.004</doi><tpages>24</tpages><orcidid>https://orcid.org/0000-0001-8804-7601</orcidid><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0167-4048 |
| ispartof | Computers & security, 2016-06, Vol.59, p.186-209 |
| issn | 0167-4048 1872-6208 |
| language | eng |
| recordid | cdi_proquest_miscellaneous_1816031155 |
| source | ScienceDirect Journals |
| subjects | Bidirectional communication Computer information security Data integrity Engineering Human Indirect communication Intrusion detection systems Leaking of information Links Manipulation Mapping Mitnick's attack cycle Social engineering Social engineering attack detection model Social engineering attack examples Social engineering attack framework Social engineering attack scenario Social engineering attack templates Studies Unidirectional communication |
| title | Social engineering attack examples, templates and scenarios |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-09T05%3A39%3A03IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Social%20engineering%20attack%20examples,%20templates%20and%20scenarios&rft.jtitle=Computers%20&%20security&rft.au=Mouton,%20Francois&rft.date=2016-06&rft.volume=59&rft.spage=186&rft.epage=209&rft.pages=186-209&rft.issn=0167-4048&rft.eissn=1872-6208&rft.coden=CPSEDU&rft_id=info:doi/10.1016/j.cose.2016.03.004&rft_dat=%3Cproquest_cross%3E1816031155%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c405t-bf2f6cac5b194f16592523f286337e914f7a66846ef5adb820a4aacb6cfda0c83%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=1787762304&rft_id=info:pmid/&rfr_iscdi=true |