Abstract
Recently, with the increasing use of social networks, services, and computers in general, plus the enhanced capabilities of remote working, especially during quarantine periods due to COVID-19, social engineering attacks have become a growing phenomenon. These attacks are now the most common, since no matter how well protected an information system is against security attacks, the weakest link is the human factor. As such, it is imperative to address and prevent such attacks. This paper reviews the most common social engineering attack prevention and protection methods and classifies them based on various criteria. Based on the analysis, it identifies the most effective methods in terms of their degree of protection, and it presents some challenges to be addressed in order to maximise that degree.
Supported by organization x.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Kontogeorgopoulos, K., Kritikos, K. (2024). Overview of Social Engineering Protection and Prevention Methods. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14398. Springer, Cham. https://doi.org/10.1007/978-3-031-54204-6_4
DOI: https://doi.org/10.1007/978-3-031-54204-6_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-54203-9
Online ISBN: 978-3-031-54204-6
eBook Packages: Computer Science (R0)