Contemporary deception techniques: Social engineering – semantic, phenomenological and security aspects

Abstract

The purpose of this paper is to establish a terminological framework in order to explain social engineering and analyze it from phenomenological and security aspect. From phenomenological point of view, the paper explains the phenomenon of social engineering as a contemporary, specific and sophisticated manner of manipulating people. Social engineering is characterized by attacker’s innovative method of selecting and approaching the victim and, when needed, an unlimited number of attack cycles, depending on the goal set by the attacker. Attacks are based on the use of various tools and techniques. From the aspect of security, social engineering holds a very important place in planning and executing cyber-attacks. This paper analyzes perpetrators’ criminogenic and motivational factors from the criminological point of view. Motive and profile of perpetrators cannot always be established due to spatial and temporal limitations, as well as architectural and environmental characteristics of the information and communication system, which is the final target of the attacks. Regardless of the fact that it is present in each phase of a cyber-attack, social engineering is always the foundation of the first phase, in which the attacker learns in details the information which will facilitate access to the information and communication system he plans to attack. In this initial and crucial phase, preconditions for successful continuation and termination of the cyber-attack are realized. At the end of the paper, there is a detailed classification of threat subjects based on motives that moves them and the goal that is supposed to be achieved. In the scientific and professional thematization, this has not been done yet.