Zaoui, Mohamed, Yousra, Belfaik, Yassine, Sadqi, Yassine, Maleh and Ouazzane, Karim (2024) A comprehensive taxonomy of social engineering attacks and defense mechanisms: toward effective mitigation strategies. IEEE Access, 12. pp. 72224-72241. ISSN 2169-3536
Social engineering (SE) attacks are a growing concern for organizations that rely on technology to protect sensitive data. Identifying and preventing these attacks can be challenging, as they frequently rely on manipulating human behavior rather than exploiting technical vulnerabilities. Although various studies have explored SE attacks and their defense mechanisms, there remains a gap in the literature concerning the holistic and layered classification of these threats and countermeasures. To address this, we conducted a comprehensive literature survey to understand existing taxonomies and subsequently identified areas that required a more structured and exhaustive categorization. Based on the survey results, we propose a comprehensive taxonomy of SE attacks, classifying them based on three levels: environment, approaches, and mediums. Additionally, we present a taxonomy of social engineering countermeasures, encompassing both technical and non-technical solutions. The proposed taxonomies serve as a foundation for future research and offer organizations a valuable framework for developing effective strategies to detect, prevent, and respond to social engineering incidents.
Available under License Creative Commons Attribution Non-commercial No Derivatives 4.0.