Abstract | ||
---|---|---|
Social engineering is the clever manipulation of the human tendency to trust to acquire information assets. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Traditional penetration testing approaches often focus on vulnerabilities in network or software systems. Few approaches even consider the exploitation of humans via social engineering. While the amount of social engineering attacks and the damage they cause rise every year, the defences against social engineering do not evolve accordingly. However, tools exist for social engineering intelligence gathering, which means the gathering of information about possible victims that can be used in an attack. We survey these tools and present an overview of their capabilities. We concluded that attackers have a wide range of intelligence gathering tools at their disposal, which increases the likelihood of future attacks and allows even non-technical skilled users to apply these tools. |
Year | DOI | Venue |
---|---|---|
2017 | 10.1007/978-3-319-64483-7_15 | Lecture Notes in Computer Science |
Keywords | Field | DocType |
Social engineering,Threat analysis,Security awareness,Security tools | Data science,Security awareness,Computer security,Computer science,Asset (computer security),Social engineering (security),Software system,Vulnerability | Conference |
Volume | ISSN | Citations |
10442 | 0302-9743 | 0 |
PageRank | References | Authors |
0.34 | 4 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Kristian Beckers | 1 | 164 | 31.93 |
Daniel Schosser | 2 | 0 | 0.34 |
Sebastian Pape | 3 | 17 | 10.95 |
Peter Schaab | 4 | 0 | 0.68 |