The Evolution of Social Engineering Attacks: A Cybersecurity Engineering Perspective
Article Sidebar
Main Article Content
Abstract
Social engineering attacks have become one of the most sophisticated threats for modern cybersecurity, where social engineering itself is the best weapon for attackers. This is different from the conventional methods of cyber-attacks such as software and hardware through which the attackers deceived people and took their precious information through manipulation. From a cybersecurity engineering point of view, this paper presents the historical evolution, current trends, and implication of social engineering attacks. Various attack methods are examined: from phishing, vishing, baiting, pretexting to the tailgating, all them is analyzed in the context of their ability to bypass the security measure. It makes clear where the cybercriminals take advantage of technological advances like artificial intelligence (AI) these days, as well as deepfake technology to increase the precision and scalability of social engineering campaigns. AI driven reconnaissance tools helps attackers tailor their messages towards victors online behavior, enabling more deceptive try and more convincing. The study also assesses the consequences and impacts of social engineering attacks on the organizations by looking at possibilities of financial losses and reputation damage, among other things. In addition, this paper has detailed mitigation strategies; these include employee-training programs, multi factor authentication (MFA), email-filtering technologies and AI based threat detection systems. Case studies such as the Google and Facebook financial fraud scheme will show you how even well secured business are still susceptible to the social engineering tactics. Out of the findings numerous are there which urges for a multi layered approach towards the cybersecurity – both technological and human aspect. Recent studies with the rapid technology advancement suggest that cybersecurity experts collaborating with psychologists are urged to create more resilient defense systems against social engineering for a better resilience against cyber threats. Knowing what psychological manipulation techniques attackers use in order to attack is how organizations can proactively implement security by reducing the chance of a breach caused by human error.
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Licensed under a CC-BY license: https://creativecommons.org/licenses/by-nc-sa/4.0/
How to Cite
References
"Social Engineering Attacks Targeting the HPH Sector". HC3. Apr 2024. https://www.hhs.gov/sites/default/files/social-engineering-targeting-the-hph-sector-tlpclear.pdf
C. Avey. "The Impact of AI on Social Engineering Cyber Attacks". Aug 2023. https://www.secureworld.io/industry-news/impact-ai-social-engineering-attacks
"10 Types of Social Engineering Attacks | CrowdStrike". Oct 2024. https://www.crowdstrike.com/en-us/cybersecurity-101/social-engineering/types-of-social-engineering-attacks/
W. Fuertes, D. Arévalo, J. D. Castro, M. Ron, C. A. Estrada, R. Andrade, F. F. Peña and E. Benavides. "Impact of Social Engineering Attacks: A Literature Review". Jan 2022. https://www.researchgate.net/publication/355754456_Impact_of_Social_Engineering_Attacks_A_Literature_Review
C. M. University. "Social Engineering". Aug 2023. https://www.cmu.edu/iso/aware/dont-take-the-bait/social-engineering.html
V. Sushruth, K. Rahul Reddy and B. R. Chandavarkar. "Social Engineering Attacks During the COVID-19 Pandemic". Apr 2021. https://link.springer.com/article/10.1007/s42979-020-00443-1
V. Chinnasamy. "10 Ways Businesses Can Prevent Social Engineering Attacks". Sep 2020. https://www.indusface.com/blog/10-ways-businesses-can-prevent-social-engineering-attacks/
"What Is Social Engineering? - Definition, Types & More | Proofpoint US". Dec 2024. https://www.proofpoint.com/us/threat-reference/social-engineering
"What Is Social Engineering?". Nov 2024. https://www.cisco.com/c/en/us/products/security/what-is-social-engineering.html
"7 Essential Tips to Prevent Social Engineering | Lookout". (accessed Feb 06, 2025). https://www.lookout.com/blog/7-essential-tips-to-prevent-social-engineering
"What is social engineering?". Jun 2014. https://www.ibm.com/think/topics/social-engineering
"What Is Social Engineering and How Does It Work? | Black Duck". (accessed Feb 06, 2025). https://www.blackduck.com/glossary/what-is-social-engineering.html
F. Salahdine and N. Kaabouch. "Social Engineering Attacks: A Survey". Feb 2019. https://www.mdpi.com/1999-5903/11/4/89
"Social engineering | MMA". (accessed Feb 06, 2025). https://www.marshmma.com/us/insights/details/social-engineering.html
S. Limited. "Impact Of Social Engineering Attacks on Businesses | SiteLock". Jan 2025. https://www.sitelock.com/blog/the-impact-of-social-engineering/
U. o. Tulsa. "How to Prevent Social Engineering Attacks". Feb 2024. https://online.utulsa.edu/blog/how-to-prevent-social-engineering-attacks/
"What Are Social Engineering Attacks? A Detailed Explanation | Splunk". (accessed Feb 06, 2025). https://www.splunk.com/en_us/blog/learn/social-engineering-attacks.html
"Understanding Social Engineering Tactics: 8 Attacks to Watch Out For". Aug 2024. https://www.tripwire.com/state-of-security/5-social-engineering-attacks-to-watch-out-for
"What Are Social Engineering Attacks? (Types & Definition)". Jan 2021. https://www.digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack
"202404031000_Help Desk Social Engineering Sector Alert_TLPCLEAR". HC3. Mar 2024. https://www.hhs.gov/sites/default/files/help-desk-social-engineering-sector-alert-tlpclear.pdf
"How to Reduce the Impact of Social Engineering Attacks | Verizon ". (accessed Feb 06, 2025). https://www.verizon.com/business/resources/articles/s/how-to-reduce-the-impact-of-social-engineering-attacks/
Uniqkey. "Social Engineering Attacks Impact on Businesses". Sep 2023. https://blog.uniqkey.eu/impact-of-social-engineering-attacks/
"Social Engineering Testing: Safeguard Your Organization with Proactive and Effective Strategies - NaviSec Cyber Security". May 2023. https://navisec.io/Social-engineering-testing
H. Khachunts. "How Does Social Engineering Impact an Organization?". Jan 2022. https://easydmarc.com/blog/how-does-social-engineering-affect-an-organization/
"Social Engineering Attacks: Dangers & Impact | Indusface". Feb 2024. https://www.indusface.com/learning/what-is-a-social-engineering-attack/
Lindiwe T. Hove. "Strategies Used to Mitigate Social Engineering Attacks". Jan 2020. https://scholarworks.waldenu.edu/context/dissertations/article/10644/viewcontent/Hove_waldenu_0543D_25134.pdf
"What is Social Engineering? | Definition". Aug 2020. https://www.kaspersky.com/resource-center/definitions/what-is-social-engineering
K. Chetioui, B. Bah, A. O. Alami and A. Bahnasse. "Overview of Social Engineering Attacks on Social Networks". Jan 2021. https://www.researchgate.net/publication/358132130_Overview_of_Social_Engineering_Attacks_on_Social_Networks
None. "2023 Data Breach Investigations Report: frequency and cost of social engineering attacks skyrocket". Aug 2023. https://www.verizon.com/about/news/2023-data-breach-investigations-report
N. Sharma. "Social Engineering Attacks Impact on Businesses". May 2023. https://itsecuritywire.com/featured/impact-of-social-engineering-on-business/
M. Security. "How Social Engineering Can Affect an Organization". (accessed Feb 06, 2025). https://www.mitnicksecurity.com/blog/how-social-engineering-can-affect-an-organization
Ekta. "The Real-World Impacts of Social Engineering". Jan 2024. https://sennovate.com/the-real-world-impacts-of-social-engineering/
"Defending Your Organization Against Social Engineering Attacks". (accessed Feb 06, 2025). https://www.jamf.com/blog/mitigating-social-engineering-attacks/
E. d. Wet. "Social engineering and how it can impact your company". Jun 2023. https://www.4cit.group/social-engineering-and-how-it-can-impact-your-company/
"CYBV481 - Social Engineering Attacks". (accessed Feb 06, 2025). https://azcast.arizona.edu/academics/cyber-operations/courses/cybv481-social-engineering-attacks
E. J. Dansu. "Mitigation Strategies for Social Engineering". Aug 2023. https://www.linkedin.com/pulse/mitigation-strategies-social-engineering-emmanuel-jesuyon-dansu
"9 Examples of Social Engineering Attacks". Nov 2024. https://www.terranovasecurity.com/blog/examples-of-social-engineering-attacks
"ThreatLocker Blog: How to protect yourself from social engineering". (accessed Feb 06, 2025). https://www.threatlocker.com/blog/how-to-protect-yourself-social-engineering
B. Naqvi, K. Perova, A. Farooq, I. Makhdoom, S. Oyedeji and J. Porras. "Mitigation strategies against the phishing attacks: A systematic literature review". Jan 2023. https://www.sciencedirect.com/science/article/pii/S0167404823002973
"8 Ways Organisations Prevent Social Engineering Attacks". (accessed Feb 06, 2025). https://www.stickmancyber.com/cybersecurity-blog/8-ways-organisations-prevent-social-engineering-attacks
I. Faculty. "How to Prevent and Mitigate Social Engineering Attacks". May 2022. https://www.iansresearch.com/resources/all-blogs/post/security-blog/2022/05/31/how-to-prevent-and-mitigate-social-engineering-attacks
M. Hijji and G. Alam. "A Multivocal Literature Review on Growing Social Engineering Based Cyber-Attacks/Threats During the COVID-19 Pandemic: Challenges and Prospective Solutions". (accessed Feb 06, 2025). https://ieeexplore.ieee.org/document/9312039/
"North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks". Mar 2024. https://www.ic3.gov/PSA/2024/PSA240903
"Avoiding Social Engineering and Phishing Attacks". (accessed Feb 06, 2025). https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks
"Social engineering – Protection & Prevention". Aug 2020. https://www.kaspersky.com/resource-center/threats/how-to-avoid-social-engineering-attacks