Study goals
The general objectives of this article are to show how people are deceived by the social engineer, what techniques are used, who the best-known social engineers are, what the attacker's goal is, and how to mitigate attacks to protect information. The specific objectives are to show the social engineering attack cycle; the concept of data and information; the value of information for organizations and for social engineers; how phishing, vishing, smishing, dumpster diving, shoulder surfing, tailgating, personal approach, telephone and reverse social engineering attacks are carried out; the financial losses; and the security policy, training, employee awareness, etc. that mitigate these attacks.
Relevance / originality
The “social engineering” theme was chosen because companies constantly need to protect their information and need people to maintain confidentiality. Organizations need to be aware of the safety of their employees; that is, they need to take measures to mitigate social engineering attacks.
Methodology / approach
The “social engineering” theme was chosen because companies constantly need to protect their information and need people to maintain confidentiality. Organizations need to be aware of the safety of their employees; that is, they need to take measures to mitigate social engineering attacks.
Main results
From the facts presented in this article, one can get a sense of how precious information is to organizations: investments in technical equipment alone do not yield positive results if the human side is ignored. The social engineer therefore aims to exploit people's feelings with the help of specific techniques.
Theoretical / methodological contributions
In carrying out this study of social engineering, the authors corroborated the bibliographic review in order to expand knowledge of the topic.
Social / management contributions
Therefore, corporations that left confidential information with only one employee were more likely to suffer attacks. The percentage of companies that prioritize the security of this asset is balanced; however, those that did not make the information security policy very clear, in conjunction with training and awareness about the dangers of social engineering, had very high financial losses.