International Journal of

ADVANCED AND APPLIED SCIENCES

EISSN: 2313-3724, Print ISSN: 2313-626X

Frequency: 12
line decor
  
line decor

 Volume 11, Issue 4 (April 2024), Pages: 139-154

----------------------------------------------

 Review Paper

A comprehensive survey on social engineering-based attacks on social networks

 Author(s): 

 Anam Naz 1, Madiha Sarwar 1, Muhammad Kaleem 1, *, Muhammad Azhar Mushtaq 1, Salman Rashid 2

 Affiliation(s):

 1Department of CS and IT, University of Sargodha, Sargodha, Pakistan
 2Department of Computer Science, University of Lahore, Lahore, Pakistan

 Full text

  Full Text - PDF

 * Corresponding Author. 

  Corresponding author's ORCID profile: https://orcid.org/0000-0002-6407-4178

 Digital Object Identifier (DOI)

 https://doi.org/10.21833/ijaas.2024.04.016

 Abstract

Threats based on social engineering in social networks are becoming a more common problem. Social engineering is a type of attack that relies on trickery and exploiting human psychology to gain access to confidential information or resources. It involves deceptive techniques like phishing, pretexting, and baiting, tricking individuals into revealing sensitive information or performing specific actions. These tactics can lead to unauthorized access to user accounts, identity theft, or the distribution of harmful content. This study offers a detailed review of threats related to social engineering on social networks. It explores various social engineering attacks, the methods used to execute these threats, and measures that can be adopted to minimize the risk of becoming a victim. The research aimed to develop a new, broad classification of social engineering attacks and strategies for responding to them. It also examines the challenges that social engineering poses to algorithms on social media platforms and highlights the need for more research. The study concludes by pointing out the shortcomings of current approaches and suggesting future research directions, stressing the importance of standardized protective measures and increasing awareness among potential victims. This thorough examination improves our understanding of social engineering attacks and encourages the development of innovative solutions and ethical practices, contributing to a more secure digital environment.

 © 2024 The Authors. Published by IASE.

 This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

 Keywords

 Social engineering threats, Social networks, Psychological manipulation, Countermeasures, Digital security

 Article history

 Received 17 December 2023, Received in revised form 10 April 2024, Accepted 12 April 2024

 Acknowledgment 

No Acknowledgment.

 Compliance with ethical standards

 Conflict of interest: The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

 Citation:

 Naz A, Sarwar M, Kaleem M, Mushtaq MA, and Rashid S (2024). A comprehensive survey on social engineering-based attacks on social networks. International Journal of Advanced and Applied Sciences, 11(4): 139-154

 Permanent Link to this page

 Figures

 Fig. 1 Fig. 2 Fig. 3 Fig. 4 Fig. 5

 Tables

 Table 1 Table 2 Table 3 Table 4 Table 5 

----------------------------------------------   

 References (61)

  1. Abroshan H, Devos J, Poels G, and Laermans E (2021a). A phishing mitigation solution using human behaviour and emotions that influence the success of phishing attacks. In Adjunct Proceedings of the 29th ACM Conference on User Modeling, Adaptation and Personalization, ACM, Utrecht, Netherlands: 345-350. https://doi.org/10.1145/3450614.3464472   [Google Scholar]
  2. Abroshan H, Devos J, Poels G, and Laermans E (2021b). Phishing happens beyond technology: The effects of human behaviors and demographics on each step of a phishing process. IEEE Access, 9: 44928-44949. https://doi.org/10.1109/ACCESS.2021.3066383   [Google Scholar]
  3. Abu Hweidi RF and Eleyan D (2023). Social engineering attack concepts, frameworks, and awareness: A systematic literature review. International Journal of Computing and Digital Systems, 13(1): 691-700. https://doi.org/10.12785/ijcds/130155   [Google Scholar]
  4. Ahmetoglu H and Das R (2022). A comprehensive review on detection of cyber-attacks: Data sets, methods, challenges, and future research directions. Internet of Things, 20: 100615. https://doi.org/10.1016/j.iot.2022.100615   [Google Scholar]
  5. Al Salti I and Zhang N (2022). LINK-GUARD: An effective and scalable security framework for link discovery in SDN networks. IEEE Access, 10: 130233-130252. https://doi.org/10.1109/ACCESS.2022.3229899   [Google Scholar]
  6. Albladi SM and Weir GR (2020). Predicting individuals’ vulnerability to social engineering in social networks. Cybersecurity, 3: 7. https://doi.org/10.1186/s42400-020-00047-5   [Google Scholar]
  7. Aldawood H and Skinner G (2020). Analysis and findings of social engineering industry experts explorative interviews: Perspectives on measures, tools, and solutions. IEEE Access, 8: 67321-67329. https://doi.org/10.1109/ACCESS.2020.2983280   [Google Scholar]
  8. Alkawaz MH, Steven SJ, Hajamydeen AI, and Ramli R (2021). A comprehensive survey on identification and analysis of phishing website based on machine learning methods. In the 11th IEEE Symposium on Computer Applications and Industrial Electronics, IEEE, Penang, Malaysia: 82-87. https://doi.org/10.1109/ISCAIE51753.2021.9431794   [Google Scholar]
  9. Almousa M and Anwar M (2023). A URL-based social semantic attacks detection with character-aware language model. IEEE Access, 11: 10654-10663. https://doi.org/10.1109/ACCESS.2023.3241121   [Google Scholar]
  10. AlMudahi GF, AlSwayeh LK, AlAnsary SA, and Latif R (2022). Social media privacy issues, threats, and risks. In the 5th International Conference of Women in Data Science at Prince Sultan University (WiDS PSU), IEEE, Riyadh, Saudi Arabia: 155-159. https://doi.org/10.1109/WiDS-PSU54548.2022.00043   [Google Scholar]
  11. Al-Musib NS, Al-Serhani FM, Humayun M, and Jhanjhi NZ (2023). Business email compromise (BEC) attacks. Materials Today: Proceedings, 81: 497-503. https://doi.org/10.1016/j.matpr.2021.03.647   [Google Scholar]
  12. Al-Otaibi AF and Alsuwat ES (2020). A study on social engineering attacks: Phishing attack. International Journal of Recent Advances in Multidisciplinary Research, 7(11): 6374-6380.   [Google Scholar]
  13. Andrade RO, Ortiz-Garcés I, and Cazares M (2020). Cybersecurity attacks on smart home during COVID-19 pandemic. In the 4th World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4), IEEE, London, UK: 398-404. https://doi.org/10.1109/WorldS450073.2020.9210363   [Google Scholar]
  14. Anne WR and CarolinJeeva S (2021). Performance analysis of boosting techniques for classification and detection of malicious websites. In the ICCAP 2021: Proceedings of the First International Conference on Combinatorial and Optimization, European Alliance for Innovation, Chennai, India: 405-415.   [Google Scholar]
  15. Ansari MF, Panigrahi A, Jakka G, Pati A, and Bhattacharya K (2022). Prevention of phishing attacks using AI algorithm. In the 2nd Odisha International Conference on Electrical Power Engineering, Communication and Computing Technology, IEEE, Bhubaneswar, India: 1-5. https://doi.org/10.1109/ODICON54453.2022.10010185   [Google Scholar]
  16. Carroll F, Adejobi JA, and Montasari R (2022). How good are we at detecting a phishing attack? Investigating the evolving phishing attack email and why it continues to successfully deceive society. SN Computer Science, 3: 170. https://doi.org/10.1007/s42979-022-01069-1   [Google Scholar] PMid:35224514 PMCid:PMC8864450
  17. Chetioui K, Bah B, Alami AO, and Bahnasse A (2022). Overview of social engineering attacks on social networks. Procedia Computer Science, 198: 656-661. https://doi.org/10.1016/j.procs.2021.12.302   [Google Scholar]
  18. Chng S, Lu HY, Kumar A, and Yau D (2022). Hacker types, motivations and strategies: A comprehensive framework. Computers in Human Behavior Reports, 5: 100167. https://doi.org/10.1016/j.chbr.2022.100167   [Google Scholar]
  19. Distler V, Abdrabou Y, Dietz F, and Alt F (2023). Triggering empathy out of malicious intent: The role of empathy in social engineering attacks. In the Proceedings of the 2nd Empathy-Centric Design Workshop, ACM, Hamburg, Germany: 1-6. https://doi.org/10.1145/3588967.3588969   [Google Scholar]
  20. Eftimie S, Moinescu R, and Răcuciu C (2022). Spear-phishing susceptibility stemming from personality traits. IEEE Access, 10: 73548-73561. https://doi.org/10.1109/ACCESS.2022.3190009   [Google Scholar]
  21. Erdodi L and Zennaro FM (2020). The agent web model-Modelling web hacking for reinforcement learning. ArXiv Preprint ArXiv:2009.11274. https://doi.org/10.48550/arXiv.2009.11274    [Google Scholar]
  22. Fatima A, Khan TA, Abdellatif TM, Zulfiqar S, Asif M, Safi W, Al Hamadi H, and Al-Kassem AH (2023). Impact and research challenges of penetrating testing and vulnerability assessment on network threat. In the International Conference on Business Analytics for Technology and Security, IEEE, Dubai, UAE: 1-8. https://doi.org/10.1109/ICBATS57792.2023.10111168   [Google Scholar]
  23. Fuertes W, Arévalo D, Castro JD, Ron M, Estrada CA, Andrade R, and Benavides E (2022). Impact of social engineering attacks: A literature review. In: Rocha Á, Fajardo-Toro CH, Rodríguez JMR (Eds.), Developments and advances in defense and security. Smart innovation, systems and technologies: 25-35. Volume 255, Springer, Singapore, Singapore. https://doi.org/10.1007/978-981-16-4884-7_3   [Google Scholar]
  24. Gomes V, Reis J, and Alturas B (2020). Social engineering and the dangers of phishing. In the 15th Iberian Conference on Information Systems and Technologies, IEEE, Seville, Spain: 1-7. https://doi.org/10.23919/CISTI49556.2020.9140445   [Google Scholar]
  25. Gupta M, Akiri C, Aryal K, Parker E, and Praharaj L (2023). From ChatGpt to ThreatGpt: Impact of generative AI in cybersecurity and privacy. IEEE Access, 11: 80218- 80245. https://doi.org/10.1109/ACCESS.2023.3300381   [Google Scholar]
  26. He D, Lv X, Xu X, Yu S, Li D, Chan S, and Guizani M (2022). An effective double-layer detection system against social engineering attacks. IEEE Network, 36(6): 92-98. https://doi.org/10.1109/MNET.105.2100425   [Google Scholar]
  27. Hijji M and Alam G (2021). A multivocal literature review on growing social engineering based cyber-attacks/threats during the COVID-19 pandemic: Challenges and prospective solutions. IEEE Access, 9: 7152-7169. https://doi.org/10.1109/ACCESS.2020.3048839   [Google Scholar] PMid:34786300 PMCid:PMC8545234
  28. Huseynov F and Ozdenizci Kose B (2022). Using machine learning algorithms to predict individuals’ tendency to be victim of social engineering attacks. Information Development, 40(2): 298-318. https://doi.org/10.1177/02666669221116336   [Google Scholar]
  29. Ivanov N, Lou J, Chen T, Li J, and Yan Q (2021). Targeting the weakest link: Social engineering attacks in Ethereum smart contracts. In the Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, ACM, Hong Kong, China: 787-801. https://doi.org/10.1145/3433210.3453085   [Google Scholar]
  30. Kelly D, Glavin FG, and Barrett E (2021). Denial of wallet—Defining a looming threat to serverless computing. Journal of Information Security and Applications, 60: 102843. https://doi.org/10.1016/j.jisa.2021.102843   [Google Scholar]
  31. Kelly D, Glavin FG, and Barrett E (2023). DoWTS–Denial-of-wallet test simulator: Synthetic data generation for preemptive defence. Journal of Intelligent Information Systems, 60: 325-348. https://doi.org/10.1007/s10844-022-00735-3   [Google Scholar]
  32. Khoei TT, Slimane HO, and Kaabouch N (2022). A comprehensive survey on the cyber-security of smart grids: Cyber-attacks, detection, countermeasure techniques, and future directions. ArXiv Preprint ArXiv:2207.07738. https://doi.org/10.4236/cn.2022.144009   [Google Scholar]
  33. Kikerpill K and Siibak A (2021). Mazephishing: The COVID-19 pandemic as credible social context for social engineering attacks. TRAMES: A Journal of the Humanities and Social Sciences, 25(4): 371-393. https://doi.org/10.3176/tr.2021.4.01   [Google Scholar]
  34. Kilavo HJ, Mselle LJ, Rais RI, and Mrutu SI (2023). Reverse social engineering to counter social engineering in mobile money theft: A Tanzanian context. Journal of Applied Security Research, 18(3): 546-558. https://doi.org/10.1080/19361610.2022.2031702   [Google Scholar]
  35. Lefoane M, Ghafir I, Kabir S, and Awan IU (2022). Multi-stage attack detection: Emerging challenges for wireless networks. In the International Conference on Smart Applications, Communications and Networking (SmartNets), IEEE, Palapye, Botswana: 1-5. https://doi.org/10.1109/SmartNets55823.2022.9994027   [Google Scholar]
  36. Madhubala R, Rajesh N, Shaheetha L, and Arulkumar N (2022). Survey on malicious URL detection techniques. In the 6th International Conference on Trends in Electronics and Informatics, IEEE, Tirunelveli, India: 778-781. https://doi.org/10.1109/ICOEI53556.2022.9777221   [Google Scholar]
  37. Mattera M and Chowdhury MM (2021). Social engineering: The looming threat. In the IEEE International Conference on Electro Information Technology (EIT), IEEE, Mt. Pleasant, USA: 56-61. https://doi.org/10.1109/EIT51626.2021.9491884   [Google Scholar]
  38. Matyokurehwa K, Rudhumbu N, Gombiro C, and Chipfumbu‐Kangara C (2022). Enhanced social engineering framework mitigating against social engineering attacks in higher education. Security and Privacy, 5(5): e237. https://doi.org/10.1002/spy2.237   [Google Scholar]
  39. Mihretu AM, Mdumuka J, Shetto M, Rice OP, Iradukunda P, Chamisso TT, and Byiringiro Y (2023). Effective mitigation strategies for social engineering attacks in mobile money services: A case study in Kenya. In the IEEE AFRICON, IEEE, Nairobi, Kenya: 1-3. https://doi.org/10.1109/AFRICON55910.2023.10293606   [Google Scholar]
  40. Mohammed AHY, Dziyauddin RA, and Latiff LA (2023). Current multi-factor of authentication: Approaches, requirements, attacks and challenges. International Journal of Advanced Computer Science and Applications, 14(1): 166-178. https://doi.org/10.14569/IJACSA.2023.0140119   [Google Scholar]
  41. Montañez R, Golob E, and Xu S (2020). Human cognition through the lens of social engineering cyberattacks. Frontiers in Psychology, 11: 528099. https://doi.org/10.3389/fpsyg.2020.01755   [Google Scholar] PMid:33101096 PMCid:PMC7554349
  42. Neelakandan S and Paulraj D (2020). A gradient boosted decision tree-based sentiment classification of twitter data. International Journal of Wavelets, Multiresolution and Information Processing, 18(4): 2050027. https://doi.org/10.1142/S0219691320500277   [Google Scholar]
  43. Odemis M, Yucel C, and Koltuksuz A (2022). Detecting user behavior in cyber threat intelligence: Development of honeypsy system. Security and Communication Networks, 2022: 7620125. https://doi.org/10.1155/2022/7620125   [Google Scholar]
  44. Pandey AR, Sharma T, Basnet S, Kumar A, and Setia S (2022). An effective phishing site prediction using machine learning. In the International Conference on Computing, Communication, and Intelligent Systems (ICCCIS), IEEE, Greater Noida, India: 611-616. https://doi.org/10.1109/ICCCIS56430.2022.10037744   [Google Scholar] PMid:36006700 PMCid:PMC10152515
  45. Rastenis J, Ramanauskaitė S, Janulevičius J, Čenys A, Slotkienė A, and Pakrijauskas K (2020). E-mail-based phishing attack taxonomy. Applied Sciences, 10(7): 2363. https://doi.org/10.3390/app10072363   [Google Scholar]
  46. Sadqi Y and Maleh Y (2022). A systematic review and taxonomy of web applications threats. Information Security Journal: A Global Perspective, 31(1): 1-27. https://doi.org/10.1080/19393555.2020.1853855   [Google Scholar]
  47. Salahdine F and Kaabouch N (2019). Social engineering attacks: A survey. Future Internet, 11(4): 89. https://doi.org/10.3390/fi11040089   [Google Scholar]
  48. Sánchez-Paniagua M, Fernández EF, Alegre E, Al-Nabki W, and Gonzalez-Castro V (2022). Phishing URL detection: A real-case scenario through login URLs. IEEE Access, 10: 42949-42960. https://doi.org/10.1109/ACCESS.2022.3168681   [Google Scholar]
  49. Șandor A, Tont G, and Simion E (2022). A mathematical model for risk assessment of social engineering attacks. TEM Journal, 11(1): 334–338. https://doi.org/10.18421/TEM111-42   [Google Scholar]
  50. Saura JR, Ribeiro-Soriano D, and Palacios-Marqués D (2022). Evaluating security and privacy issues of social networks based information systems in Industry 4.0. Enterprise Information Systems, 16(10-11): 1694-1710. https://doi.org/10.1080/17517575.2021.1913765   [Google Scholar]
  51. Schneier B (2021). Invited talk: The coming AI hackers. In: Dolev S, Margalit O, Pinkas B, and Schwarzmann A (Eds.), Cyber security cryptography and machine learning: Lecture notes in computer science: 336-360. Volume 12716, Springer, Cham, Switzerland. https://doi.org/10.1007/978-3-030-78086-9_26   [Google Scholar]
  52. Shahrivari V, Darabi MM, and Izadi M (2020). Phishing detection using machine learning techniques. ArXiv Preprint ArXiv:2009.11116. https://doi.org/10.48550/arXiv.2009.11116   [Google Scholar]
  53. Sharma P, Dash B, and Ansari MF (2022). Anti-phishing techniques–A review of cyber defense mechanisms. International Journal of Advanced Research in Computer and Communication Engineering, 11(7): 153-160. https://doi.org/10.17148/IJARCCE.2022.11728   [Google Scholar]
  54. Siddiqi MA, Pak W, and Siddiqi MA (2022). A study on the psychology of social engineering-based cyberattacks and existing countermeasures. Applied Sciences, 12(12): 6042. https://doi.org/10.3390/app12126042   [Google Scholar]
  55. Sui Y, Wang X, Zheng K, Shi Y, and Cao S (2022). Personality privacy protection method of social users based on generative adversarial networks. Computational Intelligence and Neuroscience, 2022: 2419987. https://doi.org/10.1155/2022/2419987   [Google Scholar] PMid:35463264 PMCid:PMC9020900
  56. Syafitri W, Shukur Z, Asma’Mokhtar U, Sulaiman R, and Ibrahim MA (2022). Social engineering attacks prevention: A systematic literature review. IEEE Access, 10: 39325-39343. https://doi.org/10.1109/ACCESS.2022.3162594   [Google Scholar]
  57. Venkatesha S, Reddy KR, and Chandavarkar BR (2021). Social engineering attacks during the COVID-19 pandemic. SN Computer Science, 2: 78. https://doi.org/10.1007/s42979-020-00443-1   [Google Scholar] PMid:33585823 PMCid:PMC7866964
  58. Wang Z, Zhu H, and Sun L (2021). Social engineering in cybersecurity: Effect mechanisms, human vulnerabilities and attack methods. IEEE Access, 9: 11895-11910. https://doi.org/10.1109/ACCESS.2021.3051633   [Google Scholar]
  59. Weber K, Schütz AE, Fertig T, and Müller NH (2020). Exploiting the human factor: Social engineering attacks on cryptocurrency users. In: Zaphiris P and Ioannou A (Eds.), Learning and collaboration technologies: Human and technology ecosystems: 650-668. Springer International Publishing, New York, USA. https://doi.org/10.1007/978-3-030-50506-6_45   [Google Scholar]
  60. Weichbroth P and Łysik Ł (2020). Mobile security: Threats and best practices. Mobile Information Systems, 2020: 8828078. https://doi.org/10.1155/2020/8828078   [Google Scholar]
  61. Yasin A, Fatima R, Liu L, Yasin A, and Wang J (2019). Contemplating social engineering studies and attack scenarios: A review study. Security and Privacy, 2(4): e73. https://doi.org/10.1002/spy2.73   [Google Scholar]