A Primer on Social Engineering Threats
Keywords:
Social engineering, social media, social network, phishing, security awareness
Abstract
Social engineering attacks are a form of deception using a
communication or media network, whereby the victim is tricked into
revealing usernames, passwords or other sensitive information to a
hacker, parting with a sum of money, or performing some insecure act.
They are not limited to computer systems and can also be carried out through
normal telephone calls or face-to-face communication. World-renowned
computer hacker Kevin Mitnick, who evaded the authorities in the 1990s,
was the world’s first hacker known to widely employ social engineering
attacks above all else as the main medium of attack. Such attacks became
more prevalent as people began to rely more and more on social media
and social networking services. Across all the hacking incidents, the
basic principles employed in social engineering attacks have not changed
much over the years: in each attack the hacker targets vulnerable users
through psychological manipulation. It has been said that a chain is only as
strong as its weakest link, and this holds all the more for security: a security
system is only as strong as its weakest link, which is the human user.
Social engineering attacks lead to loss of finances, intellectual property,
private data and consumer credibility. This paper examines the anatomy
and execution of the attack, presents a survey of the notable
frameworks for studying such attacks, and concludes with some
mitigation countermeasures to deal with the threat.