Dissecting social engineering

Abstract

In information security terms, social engineering (SE) refers to incidents in which an information system is penetrated through the use of social methods. The literature to date (40 texts), which was reviewed for this article, emphasises individual techniques in its description of SE. This leads to a very scattered, anecdotal, and vague notion of SE. In addition, due to the lack of analytical concepts, research conducted on SE encounters difficulties in explaining the success of SE. In such explanations, the victim's psychological traits are overemphasised, although this kind of explanation can cover only a small portion of SE cases. In this article, we have sought to elaborate the concept of SE through analysis of the functions of different techniques. In this way, we have been able to extrapolate three dimensions of SE: persuasion, fabrication, and data gathering. By utilising these dimensions, SE can be grasped in all its aspects instead of through individual techniques. Furthermore, research can benefit from our multidimensional approach as each of the dimensions pertains to a different theory. Therefore, the victim's personal traits cannot function as the only explanation. All in all, the analysis, understanding, and explanation of the success of SE can be furthered using our new approach.