IEEE Access (Jan 2025)
Social Engineering Analysis Framework: A Comprehensive Playbook for Human Hacking
Abstract
Social Engineering attacks are among the most exploited methods in today’s cybersecurity threat landscape. Despite the impact and the volume of such incidents, there is still a surprising lack of comprehensive tools or frameworks offering an in-depth insight into Social Engineering attacks. The paper delivers a handy yet comprehensive framework for the analysis of the Social Engineering tactics, techniques, and procedures (TTPs), distinguishing six major phases of the Social Engineering process, together with detailed TTPs linked with each of them. In the long-term, it may lead to devising better and more effective defense mechanisms against such attacks by providing an in-depth insight into the process and methods behind them. The outcome presents that framework in the form of a legible, transparent, and ready-to-use matrix, similar to the MITRE ATT&CK matrix. The paper also contains a cross-comparison between the proposed framework and the MITRE ATT&CK to underline the added value of the proposed approach. In order to demonstrate the practical usefulness of the approach proposed in this paper, after formulating the entire framework, we apply it to decompose and analyze in detail some real-life Social Engineering scenarios.
Keywords
