Social Engineering and Defense against Social Engineering

Authors

  • K. Narendra  Department of MCA, Sree Vidyanikethan Institute of Management, Sri Venkateswara University, Tirupati, Andhra Pradesh, India
  • E. Sreedevi  Assistant Professor, Department of MCA, Sree Vidyanikethan Institute of Management, Tirupati, Andhra Pradesh, India

Keywords:

Social Engineering, Social Technology, Social Attacks, Phishing, Information Security

Abstract

Social engineering is a standout amongst the most productive and powerful methods for accessing secure frameworks and acquiring touchy data, yet requires insignificant specialized learning. Attacks shift from mass phishing messages with little refinement through to very focused on, multi-layered attacks which utilize a scope of social engineering procedures. Social engineering works by controlling typical human behavioral attributes and all things considered there are just restricted specialized answers for make preparations for it. Subsequently, the best barrier is to teach clients on the methods utilized by social designers, and bringing issues to light with respect to how the two people and PC frameworks can be controlled to make a bogus level of trust. This can be supplemented by an authoritative disposition towards security that advances the sharing of concerns, upholds data security guidelines and backings clients for sticking to them. All things considered, a decided attacker with adequate expertise, assets and at last, good fortune will have the capacity to recover the data they are looking for. Consequently, associations and people ought to have measures set up to react to, and recuperate from, an effective attack.

References

  1. D. Bisson, “5 Social Engineering Attacks to Watch Out For," March 2015,
  2. http://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/ (accessed April 7, 2016)
  3. S. D. Applegate, “Social engineering: hacking the wetware!" Information Security Journal: a Global Perspective, vol. 18, 2009, pp. 40-46.
  4. K. Manske, “An introduction to social engineering," Security Management Practices, November/December 2000, pp. 53-59.
  5. F. Mouton et al., “Social engineering attack framework," Proc. of Information Security for South Africa (ISSA), 2014, pp. 1-9.
  6. P. Tetri and J. Vuorinen, “Dissecting social engineering," Behavior and Information Technology, vol. 32, no. 10, 2013, pp. 1014-1023.
  7. T. R. Peltier, “Social engineering: concepts and solutions," Information Security and Risk Management, Nov. 2006, pp. 13-21.
  8. M. Rouse, “Social engineering," http://searchsecurity.techtarget.com/definition/social-engineering (accessed April 7, 2016)
  9. Havenstein, H. Video games poised to boost corporate training. Computerworld, 26 August 2008 (2008).
  10. Rhodes, C. Safeguarding Against Social Engineering, East Carolina University, Article at http://www.infosecwriters.com/text_resources/pdf/Social_Engineering_CRhodes.pdf (2007).
  11. Microsoft. How to Protect Insiders from Social Engineering Threats, Midsize Business Security Guidance. http://technet.microsoft.com/en-us/library/cc875841.aspx (2006).
  12. Thapar, A. Social Engineering : An Attack Vector Most Intricate to Tackle, Infosec Writers, www.infosecwriters.com/text_resources/pdf/Social_Engineering_AThapar.pdf (2007).
  13. Bakhshi, T., Papadaki, M., Furnell, S.M. A Practical Assessment of Social Engineering Vulnerabilities. In: Clarke, N.L., Furnell, S.M. (eds.) Second International Symposium on Human Aspects of Information Security and Assurance (HAISA 2008), pp. 12--23, University of Plymouth (2008).
  14. APWG. Phishing Activity Trends Report Q2/2008. Anti-Phishing Working Group, AprilJune 2008, http://www.apwg.org/reports/apwg_report_Q2_2008.pdf (2008).
  15. Evers, J. Security expert: User education is pointless. http://news.cnet.com/2100-7350_3- 6125213.html (2006).
  16. Kumaraguru, P., Rhee, Y., Acquisti, A., Cranor, L.F., Hong, J., Hong, E. Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System. Institute for Software Research, Carnegie Mellon University (2007).
  17. Robila, S.A., James, J., Ragucci, W. Don't be a phish: steps in user education, in 11th Annual SIGCSE Conference on Technology and Technology In Computer Science Education (ITICSE '06), pp. 237—241 (2006).

IInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology

Downloads

Published

2018-04-30

Issue

Volume 3, Issue 4, March-April-2018

Section

Research Articles

License

Copyright (c) IJSRCSEIT

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

[1]
K. Narendra, E. Sreedevi, " Social Engineering and Defense against Social Engineering, IInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology(IJSRCSEIT), ISSN : 2456-3307, Volume 3, Issue 4, pp.235-239, March-April-2018.