Protection against attacks using social engineering tools and methods
https://doi.org/10.21822/2073-6185-2022-49-4-85-96
Abstract
Objective. In the modern world, innovative technologies are developing rapidly and communications are moving into the Internet space. However, the new technologies have proved to be in demand among organizations and individuals as well as among cyber fraudsters and hackers. The purpose of the study is to analyze the essence and structure of modern social engineering, including reverse social engineering, in the context of the digitalization of society.
Method. The study is adapted to the current situation and clarifies that technologies, developments and manipulative sociological tactics are adopted not only by hackers but also by followers of radical ideas.
Result. An optimal definition of the term "social engineering" is proposed: the identification and exploitation of the incompetence, insufficient professional level or negligence of an organization's employees or of individuals in order to obtain unauthorized access to confidential data; a set of technologies based on the use of the psychological characteristics of a person.
Conclusion. The novelty of the study lies in its in-depth examination of the classification of types of attacks that use social engineering methods and in its recommendations for countering and preventing them.
About the Authors
V. A. Repenko
Russian Federation
Viktor A. Repenko, master
31, Kashirskoe Highway, Moscow 115409
S. A. Reznichenko
Russian Federation
Sergey A. Reznichenko, Cand.Sci. (Eng.), Assoc. Prof.
31, Kashirskoe Highway, Moscow 115409
49, Leningradsky Ave., Moscow 125993
65, Leninsky Ave., building 1, Moscow 119991
6, Miusskaya Square, Moscow 125047
Review
For citations:
Repenko V.A., Reznichenko S.A. Protection against attacks using social engineering tools and methods. Herald of Dagestan State Technical University. Technical Sciences. 2022;49(4):85-96. (In Russ.) https://doi.org/10.21822/2073-6185-2022-49-4-85-96