Social engineering – spear phishing

In summary, social engineering can be defined as an attack vector that depends greatly on human interactions or dealings and it normally involves deceiving people into breaching the normal security protocols. Some of the most popular kinds of social engineering attacks consist of:

  • This occurs when an attacker intentionally leaves a malware-infected tool, for instance, a USB flash drive at a place where it is easily found. A person will then pick the USB flash drive and insert it into a computer, thereby accidentally installing the virus (fireeye, 2014, 1-9).
  • Phishing occurs when a mischievous person sends a fake email concealed as if it is a genuine email. This mail normally seems as if it is from a reliable source. However, the mail is intended to trick the receiver into sharing private or financial data or connecting to a connection or link that mounts the malware (fireeye, 2014, 1-9).
  • Pretexting occurs when one individual deceives another in order to gain admission to confidential information (fireeye, 2014, 1-9).

In this context, spear phishing is custom-made to be used in a particular organization or meant for an individual.

Research questions

  1. What is social engineering and what preventive measures should be taken to best protect against attackers using it?
  2. Do personality influences have any consequences on how individuals deal with spear phishing?
  3. What is the association between online and offline practices and how does it affect the response to spear phishing?
  4. Which are the best ways to measure the extent of an organization’s susceptibility to social engineering?
  5. How do users mainly react to anti-phishing methods especially with the widely use of computers globally?

Reference List

fireeye, 2014. spear phishing attacks: why they are successful and how to stop them why automated analysis tools are not created equal, [online] 11 Nov. Available at: <http://www2.fireeye.com/rs/fireye/images/fireeye-how-stop-spearphishing.pdf> [Accessed 18 March 2016].