Taxonomy of Social Engineering Attacks: A Survey of Trends and Future Directions


  • Arianit Maraj, Telecom of Kosovo, Republic of Kosovo
  • William Butler, Capitol Technology University, Laurel, Maryland, USA



Keywords: social engineering, human factors, phishing, trust, perceptual, socio-emotional, awareness-raising, social engineering taxonomy


Hackers have many techniques available for exploiting the security flaws of organizations. The human approach, called Social Engineering (SE), is probably the most difficult one to deal with. Social engineering is considered one of the most creative methods for gaining unauthorized access to information systems. This type of cyber threat does not require advanced technical knowledge because it relies mainly on human nature. Social engineers use different techniques, such as phishing, to manipulate people and cause significant damage to the organizations where they work. Therefore, organizations must raise their users' awareness of social engineering attacks. Most organizations are putting all their defense efforts into advanced technologies to prevent various threats. This is considered a wrong approach because employees of an organization use email, social networks, or other online sites as part of their work activities. Therefore, attacks cannot be prevented through advanced technologies alone; the human aspect must also be studied. This paper comprehensively analyzes the existing literature on the taxonomy of social engineering attacks, focusing on human aspects. It provides an overview of research opportunities that should be addressed and elaborated in future investigations.