Impact Analysis and Performance Model of Social Engineering Techniques

Abstract

The field of information security is rapidly growing discipline. Although the effectiveness of security measures to protect sensitive information is increasing, the human factor that are open to manipulation remains the weakest link in the chain of security. Security of information is vital for organizations and governments. Also development of safeguards against illegal access to information is an area of increasing interest of researchers. Technology alone is not an adequate protection against information theft; human is often the weakest link in the chain of information security. The "art"of exposing people's vulnerabilities for sensitive information is known as social engineering. At the same time, the process of exploiting personal vulnerabilities is known as a social engineering attack. There are different kinds of this kinds of attacks. Targeting human weakness, social engineering attack uses various routing techniques to obtain sensitive information. In this work, the factors of the success of phishing, which is one of the social engineering attacks, were investigated. Some hypotheses have been developed according to these factors, and the accuracy of the hypotheses was shown with a questionnaire. A model that is used to calculate these parameters mathematically is proposed and the importance of being conscious to prevent such attacks is emphasized. © 2023 Elsevier B.V., All rights reserved.