Advanced social engineering attacks

K. Krombholz, H. Hobel, M. Huber, E. Weippl:
"Advanced social engineering attacks";
Journal of Information Security and Applications, 22 (2015), pp. 113-122.

Abstract:


Social engineering has emerged as a serious threat in virtual communities and is an effective means to attack information
systems. The services used by today's knowledge workers prepare the ground for sophisticated social engineering attacks.
The growing trend towards BYOD (bring your own device) policies and the use of online communication and collaboration
tools in private and business environments aggravate the problem. In globally acting companies, teams are no longer
geographically co-located, but staffed just-in-time. The decrease in personal interaction combined with a plethora of
tools used for communication (e-mail, IM, Skype, Dropbox, LinkedIn, Lync, etc.) creates new attack vectors for social
engineering attacks. Recent attacks on companies such as the New York Times and RSA have shown that targeted
spear-phishing attacks are an effective, evolutionary step of social engineering attacks. Combined with zero-day exploits,
they become a dangerous weapon that is often used by advanced persistent threats. This paper provides a taxonomy of
well-known social engineering attacks as well as a comprehensive overview of advanced social engineering attacks on the
knowledge worker.