Skip to main content
SpringerLink
Log in

Defense Methods Against Social Engineering Attacks

  • Chapter
  • First Online:
Computer and Network Security Essentials

Abstract

In this chapter, multiple Social Engineering defense methods are comprehensively reviewed. Focus has been placed on examining data, which supports the hypothesis that security awareness is one of the key strengths one can develop, to assist themselves and others, in avoiding and countering increased Social Engineering attacks in this day and age. Various case studies have also been analyzed and evaluated, which demonstrates positive impact on the security outlook of employees, once continuous and sufficient security training is delivered. Evidences of effective counter-techniques have been gathered using a variety of sources, all of which can be employed by businesses and individuals to deter and prevent Social Engineering attacks from taking place.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 109.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 139.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Mitnick, K. (2005). Art of intrusion C: The real stories behind the exploits of hackers, intruders and deceivers (1st ed.). Princeton: Wiley.

    Google Scholar 

  2. Erbschloe, M. (2004). Physical security for IT (1st ed.). Dorset: Digital Press.

    Google Scholar 

  3. Shoniregun, C. A. (2014). Impacts and risk assessment of Technology for Internet Security (Advances in Information Security) (1st ed.). New York: Springer.

    Google Scholar 

  4. The Chromium Projects. (Unknown). Sandbox FAQ. Available at: https://www.chromium.org/developers/design-documents/sandbox/Sandbox-FAQ. Accessed 11 July 2016.

  5. Mozilla Wiki. (Unknown). Security/Sandbox. Available at: https://wiki.mozilla.org/Security/Sandbox. Accessed 11 July 2016.

  6. Lu, L., Yegneswaran, V., Porras, P., & Lee, W. (2010). BLADE: An attack-agnostic approach for preventing drive-by malware infections. Available at: http://ants.iis.sinica.edu.tw/3bkmj9ltewxtsrrvnoknfdxrm3zfwrr/17/BLADE-ACM-CCS-2010.pdf. Accessed 11 July 2016.

  7. Stringhini, G., & Thonnard, O. (2015). That ain’t you: Blocking spearphishing through behavioral modelling. Available at: http://www0.cs.ucl.ac.uk/staff/G.Stringhini/papers/spearphishing-dimva2015.pdf. Accessed 11 July 2016.

  8. Mitnick, K., & Simon, W. (2002). The art of deception. Indianapolis: Wiley.

    Google Scholar 

  9. Heartfield, R., & Loukas, G. (2015). A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks. ACM Computing Surveys, 48(3), 37.

    Article  Google Scholar 

  10. Suehring, S. (2015). Linux firewalls: Enhancing security with Nftables and beyond (4th ed.). Boston: Addison Wesley.

    Google Scholar 

  11. Navigant. (2014). Cyber security trends for 2014—Part 1. Available at: http://www.navigant.com/insights/hot-topics/technology-solutions-experts-corner/cyber-security-trends-2014-part-1/. Accessed 12 August 2016.

  12. Mendelsohn, T. (2016). More than half of UK firms have been hit by ransomware—Report. Available at: http://arstechnica.co.uk/security/2016/08/more-than-half-of-uk-firms-have-been-hit-by-ransomware-report/. Accessed 12 August 2016.

  13. Ashford, W. (2016). One in five businesses hit by ransomware are forced to close, study shows. Available at: http://www.computerweekly.com/news/450301845/One-in-five-businesses-hit-by-ransomware-are-forced-to-close-study-shows. Accessed 12 August 2016.

  14. Kohn, A. (2014). Brain science: The forgetting curve–the dirty secret of corporate training. Available at: http://www.learningsolutionsmag.com/articles/1379/brain-science-the-forgetting-curvethe-dirty-secret-of-corporate-training. Accessed 13 August 2016.

  15. Robling, G., & Muller, M. (2009). Social engineering: a serious underestimated problem. Available at: https://www.researchgate.net/publication/220807213_Social_engineering_a_serious_underestimated_problem. Accessed 13 August 2016.

    Google Scholar 

  16. Gragg, D. (2002). A multi-level defense against social engineering. Available at: https://www.sans.org/reading-room/whitepapers/engineering/multi-level-defense-social-engineering-920. Accessed 15 August 2016.

  17. Granger, S. (2002). Social engineering fundamentals, part II: Combat strategies. Available at: http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-ii-combat-strategies . Accessed 15 August 2016.

  18. Smith, M. (2006). The importance of employee awareness to information security. Available at: http://digital-library.theiet.org/content/conferences/10.1049/ic_20060320. Accessed 16 August 2016.

  19. Talib, S., Clarke, N. L., & Furnell, S. M. (2010). An analysis of information security awareness within home and work environments. Available at: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5438096&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2 Fabs _all.jsp%3Farnumber%3D5438096. Accessed 16 August 2016.

    Google Scholar 

  20. ENISA. (2010). The new users’ guide: How to raise information security awareness (EN). Available at: https://www.enisa.europa.eu/publications/archive/copy_of_new-users-guide. Accessed 16 August 2016.

    Google Scholar 

  21. Palmer, K., & McGoogan, C. (2016). TalkTalk loses 101,000 customers after hack. Available at: http://www.telegraph.co.uk/technology/2016/02/02/talktalk-loses-101000-customers-after-hack/. Accessed 17 August 2016.

  22. KnowBe4. (2016). CASE STUDY Financial Institution. Available at: https://cdn2.hubspot.net/hubfs/241394/Knowbe4-May2015-PDF/CaseStudy_Financials.pdf?t=1471185563903. Accessed 17 August 2016.

  23. Eminagaoglu, M., Ucar, E., & Eren, S. (2010). The positive outcomes of information security awareness training in companies e A case study. Available at: http://www.csb.uncw.edu/people/cummingsj/classes/mis534/articles/Ch5UserTraining.pdf. Accessed 17 August 2016.

  24. ISO. (2013). ISO/IEC 27001:2005. Available at: http://www.iso.org/iso/catalogue_detail?csnumber=42103. Accessed 17 August 2016.

  25. Wombat. (2016). Global manufacturing company reduces malware infections by 46%. Available at: https://info.wombatsecurity.com/hs-fs/hub/372792/file-2557238064-pdf/WombatSecurity_CaseStudy_Manufacturing_46PercentMalwareReduction_090815.pdf? submissionGuid=ffd67461-ca8b-4466-9d8b-a4ad57a5d9df. Accessed 18 August 2016.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Manchester Metropolitan University, Manchester, UK

    Jibran Saleem & Mohammad Hammoudeh

Authors
  1. Jibran Saleem
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohammad Hammoudeh
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jibran Saleem .

Editor information

Editors and Affiliations

  1. University of Detroit Mercy, Detroit, Michigan, USA

    Kevin Daimi

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG

About this chapter

Cite this chapter

Saleem, J., Hammoudeh, M. (2018). Defense Methods Against Social Engineering Attacks. In: Daimi, K. (eds) Computer and Network Security Essentials. Springer, Cham. https://doi.org/10.1007/978-3-319-58424-9_35

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-58424-9_35

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-58423-2

  • Online ISBN: 978-3-319-58424-9

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation