Approaches to classifying social engineering attacks

Abstract

The purpose of this article is to develop a classification of social engineering attacks that considers the specifics of the attack and its stages. The study of approaches to the classification of social engineering attacks available in the literature made it possible to cover the identified types of attacks and identify intersections and gaps in existing classifications. The developed approach to classification allows us to identify various types of attacks that consider the phasing and complexity of the impact. The introduction of pretexting at the preparation stage allows us to distinguish between targeted and non-targeted attacks, which, in combination with the selected means of contact with the victim, provide a range of different types of attacks. The presented classification of social engineering attacks creates a basis for building probabilistic models for assessing user security and the success of the attack. The chosen approach to classification, associated with the stages of the attack, allows us to model the process and predict its results. The results of this study will be of interest to specialists in the field of personnel management, training, information security, information technology, artificial intelligence; managers, business owners, heads of state and municipal departments.