Abstract
Social engineering is the practice that allows attackers to obtain sensitive or confidential information from a user of a system or organization by exploiting specific characteristics of the human being. It is still considered one of the most threatening attacks in the digital world. The current study aims to explore social engineering attacks with significant impact. We conducted a systematic literature review covering 2011 to 2020, applying the Barbara Kitchenham Methodological Guide. The main findings are concentrated in companies, financial institutions, and even vehicle vulnerabilities, which have caused economic losses and damage to the image and reputation of individuals and companies. Most of the causes are related to human behavior, such as innocence, unconsciousness, and lack of training or capacity. The primary victims are newly contracted workers, people with a certain lack of knowledge, celebrities, politicians, and middle and senior managers. Furthermore, social networks and e-mail are the primary sources from which attacks occur. Finally, we identified that Phishing and Ransomware are the most significant attacks on companies and individuals.
Acknowledgements
We want to thank the resources granted for developing the research project entitled Detection and Mitigation of Social Engineering attacks applying Cognitive Security. The authors would also like to thank the RED CEDIA’s financial support in the development of this study within the GT-Cybersecurity.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Fuertes, W. et al. (2022). Impact of Social Engineering Attacks: A Literature Review. In: Rocha, Á., Fajardo-Toro, C.H., Rodríguez, J.M.R. (eds) Developments and Advances in Defense and Security. Smart Innovation, Systems and Technologies, vol 255. Springer, Singapore. https://doi.org/10.1007/978-981-16-4884-7_3
DOI: https://doi.org/10.1007/978-981-16-4884-7_3
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-4883-0
Online ISBN: 978-981-16-4884-7
eBook Packages: Intelligent Technologies and Robotics (R0)