An Overview of Social Engineering in the Context of Information Security

摘要

Social engineering in the context of information security is the exploitation of human psychology to gain access into secure data. Human emotion can act as both a strength and a weakness. When it comes to the world booming with technology, human emotions which are completely unrelated to the matter is made to relate through social engineering. Social engineering employs `traps' to pry on human emotion and its vulnerability, taking advantage of the flaws of human psychology. Information security breaches utilising social engineering techniques are vast, so that social engineering in this context is a topic which could not be neglected. This research paper presents an overview of social engineering attacks and suggested defence mechanisms. An introduction to social engineering attacks are given, with context to the current trends and related vulnerabilities. Main reasons for the spread of social engineering attacks in the current context are also presented. Attack frameworks are presented and defence approaches are proposed at the end.