Social engineering has become an emerging threat in virtual communities and is an effective means to attack information systems. Today's knowledge workers make use of a number of services that leverage sophisticated social engineering attacks. Moreover, there is a trend towards BYOD (bring your own device) policies and the usage of online communication and collaboration tools in private and business environments. In globally acting companies, teams are no longer geographically co-located but staffed just-in-time. The decrease in personal interaction, combined with the plethora of tools used (E-Mail, IM, Skype, Dropbox, LinkedIn, Lync, etc.), creates new attack vectors for social engineering attacks. Recent attacks on companies such as the New York Times, RSA, or Apple have shown that targeted spear-phishing attacks are an effective evolution of social engineering attacks. When combined with zero-day exploits, they become a dangerous weapon, often used by advanced persistent threats. This paper provides a taxonomy of well-known social engineering attacks as well as a comprehensive overview of advanced social engineering attacks on the knowledge worker.