Social Engineering Threat and Defense: A Literature Survey

Abstract

This article surveys the literature on social engineering. There are lots of security application and hardware in market; still there are several methods that can be used to breach the information security defenses of an organization or individual. Social engineering attacks are interested in gaining information that may be used to carry out actions such as identity theft, stealing password or gaining information for another type of attack. The threat lies with the combinations of social engineering with another type of attacks like Phishing and Watering hole attack which make it hard to defense against. This research aims to investigate the impact of modern Social Engineering on the organization or individual. It describes the categories of Social Engineering, and how the attacker takes advantage of human behavior. At the same time, I also discuss the direct and indirect attack of social engineering and the defense mechanism against this attack.