Understanding Social Engineering and Phishing Attacks: An In-Depth Analysis
Chapter from the book: Çevik Tekin, İ. (ed.) 2023. Management Information Systems: Digital Transformation Management in Businesses.

Yasin Emül
Gebze Technical University
Ceren Çubukçu Çerasi
Gebze Technical University

Synopsis

Social engineering and phishing attacks represent a formidable threat in today's digital environment, using human psychology to exploit vulnerabilities and gain unauthorized access to sensitive information. This comprehensive paper explores the intricacies of these deceptive practices, shedding light on the tactics used, the legal and ethical implications, and the safeguards necessary to mitigate their impact. It begins by distinguishing between hackers and social engineers and explains the different approaches they use in their attempts to breach security systems. Careful examination of the common characteristics exhibited by victims of social engineering helps to uncover the vulnerabilities that malicious actors exploit, ultimately leading to successful attacks. Social engineering includes various attacks such as pretexting, baiting, stalking and others. By analyzing the social engineering attack cycle, the paper describes the systematic process by which attackers identify targets, gather information, and implement their fraudulent plans. Central to the effectiveness of social engineering are the manipulation tactics used by malicious actors. The paper provides information on the most common strategies used to deceive targets, ranging from abuse of authority to emotional manipulation. Phishing attacks, a common subset of social engineering, deserve special attention. This paper examines various phishing attacks and explores their negative impact on both individuals and organizations. Addressing the urgent need for protection against social engineering, this paper outlines measures that can be implemented at both the individual and organizational level. Education and awareness initiatives emerge as important factors in empowering individuals to recognize and resist manipulation attempts. In conclusion, this paper underscores the imperative of constant awareness, education, and vigilance in the face of ever-evolving social engineering and phishing threats. By empowering individuals and institutions with knowledge and practical defense mechanisms, cyber defenses can be collectively strengthened, ensuring a safer digital environment for all.

How to cite this book

Emül, Y. & Çubukçu Çerasi, C. (2023). Understanding Social Engineering and Phishing Attacks: An In-Depth Analysis. In: Çevik Tekin, İ. (ed.), Management Information Systems: Digital Transformation Management in Businesses. Özgür Publications. DOI: https://doi.org/10.58830/ozgur.pub137.c1385

Published

October 23, 2023
