Dissecting Social Engineering Attacks Through the Lenses of Cognition.

In IEEE European Symposium on Security and Privacy Workshops (EuroS&PW 2021), 2021

Abstract

In this paper we present, showcase, and analize a novel framework to dissect Social Engineering (SE) attacks. The framework is based on extant theories in the cognitive sciences, and is meant as an instrument for researchers and practitioners alike to structure and analyze SE attacks of varying sophistication, isolating specific features and their effects at the cognitive level, and providing a common structure for comparisons across different attacks. We showcase the framework against attacks reproduced in the academic literature as well as against real (highly-targeted) SE attacks reported in the wild, isolating and relating effects and techniques adopted by the attackers to the target’s cognitive process. We discuss implications for research and practice of the proposed framework.

URL: https://doi.org/10.1109/EuroSPW54576.2021.00024