Social engineering attacks life cycle and types

Abstract

Today, social engineering attacks are one of the most common methods for hackers to hack computer networks and information systems of organizations, steal credentials and other confidential information of users, and commit various cybercrimes. Socio-engineering attacks pose a particular threat to companies with large numbers of employees. Without proper training and education of staff, an attack on an employee who is not related to information security is more likely to be successful, but even such an employee may not be the main cause of a company's information security incident, but become one of the links in the attack chain. which the attacker created to achieve his ultimate goal. Given this, the need to raise awareness about socio-engineering attacks, namely how they are implemented and what types of them exist. This article describes the life cycle of social engineering attacks and the main methods that are used by attackers to implement such attacks. Company employees should be familiar with the signs and examples of various types of social engineering attacks in practice, the principles and rules for working with information, as well as the responsibility for violating these rules. To ensure data security, regulations and instructions should be created and communicated to the personnel, which should clearly spell out the rules for storing, processing, distributing and transferring information to third parties. Raising the awareness of the company's employees about the types of social engineering attacks will reduce the number of incidents implemented as a result of their occurrence.