Social Engineering Analysis Framework: A Comprehensive Playbook for Human Hacking
Social Engineering attacks are among the most exploited methods in today’s cybersecurity threat landscape. Despite the impact and the volume of such incidents, there is still a surprising lack of comprehensive tools or frameworks offering an in-depth insight into Social Engineering attack...
Saved in:
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10850908/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832576733285449728 |
|---|---|
| author | Wojciech Nowakowski |
| author_facet | Wojciech Nowakowski |
| author_sort | Wojciech Nowakowski |
| collection | DOAJ |
| description | Social Engineering attacks are among the most exploited methods in today’s cybersecurity threat landscape. Despite the impact and the volume of such incidents, there is still a surprising lack of comprehensive tools or frameworks offering an in-depth insight into Social Engineering attacks. The paper delivers a handy yet comprehensive framework for the analysis of the Social Engineering tactics, techniques, and procedures (TTPs), distinguishing six major phases of the Social Engineering process, together with detailed TTPs linked with each of them. In the long-term, it may lead to devising better and more effective defense mechanisms against such attacks by providing an in-depth insight into the process and methods behind them. The outcome presents that framework in the form of a legible, transparent, and ready-to-use matrix, similar to the MITRE ATT&CK matrix. The paper also contains a cross-comparison between the proposed framework and the MITRE ATT&CK to underline the added value of the proposed approach. In order to demonstrate the practical usefulness of the approach proposed in this paper, after formulating the entire framework, we apply it to decompose and analyze in detail some real-life Social Engineering scenarios. |
| format | Article |
| id | doaj-art-01d33abbdff3430883e279e98541af5e |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-01d33abbdff3430883e279e98541af5e2025-01-31T00:00:36ZengIEEEIEEE Access2169-35362025-01-0113188271884910.1109/ACCESS.2025.353299910850908Social Engineering Analysis Framework: A Comprehensive Playbook for Human HackingWojciech Nowakowski0https://orcid.org/0009-0004-7430-3255NASK-National Research Institute Warsaw, Warsaw, PolandSocial Engineering attacks are among the most exploited methods in today’s cybersecurity threat landscape. Despite the impact and the volume of such incidents, there is still a surprising lack of comprehensive tools or frameworks offering an in-depth insight into Social Engineering attacks. The paper delivers a handy yet comprehensive framework for the analysis of the Social Engineering tactics, techniques, and procedures (TTPs), distinguishing six major phases of the Social Engineering process, together with detailed TTPs linked with each of them. In the long-term, it may lead to devising better and more effective defense mechanisms against such attacks by providing an in-depth insight into the process and methods behind them. The outcome presents that framework in the form of a legible, transparent, and ready-to-use matrix, similar to the MITRE ATT&CK matrix. The paper also contains a cross-comparison between the proposed framework and the MITRE ATT&CK to underline the added value of the proposed approach. In order to demonstrate the practical usefulness of the approach proposed in this paper, after formulating the entire framework, we apply it to decompose and analyze in detail some real-life Social Engineering scenarios.https://ieeexplore.ieee.org/document/10850908/Social engineeringcybersecurityhuman factor in securitycybercrimecyber awareness |
| spellingShingle | Wojciech Nowakowski Social Engineering Analysis Framework: A Comprehensive Playbook for Human Hacking IEEE Access Social engineering cybersecurity human factor in security cybercrime cyber awareness |
| title | Social Engineering Analysis Framework: A Comprehensive Playbook for Human Hacking |
| title_full | Social Engineering Analysis Framework: A Comprehensive Playbook for Human Hacking |
| title_fullStr | Social Engineering Analysis Framework: A Comprehensive Playbook for Human Hacking |
| title_full_unstemmed | Social Engineering Analysis Framework: A Comprehensive Playbook for Human Hacking |
| title_short | Social Engineering Analysis Framework: A Comprehensive Playbook for Human Hacking |
| title_sort | social engineering analysis framework a comprehensive playbook for human hacking |
| topic | Social engineering cybersecurity human factor in security cybercrime cyber awareness |
| url | https://ieeexplore.ieee.org/document/10850908/ |
| work_keys_str_mv | AT wojciechnowakowski socialengineeringanalysisframeworkacomprehensiveplaybookforhumanhacking |