Abstract:

Social engineering attacks are possibly one of the most dangerous forms of security and privacy attacks since they are technically oriented to non-technical manipulation. There is much easier to exploit the weakest layer of information security systems, which is human factor, than discovering backdoors or breaking technological vulnerabilities. This paper surveys some manipulation techniques and explains why they are effective. Some identified attacks are described and explain why were successful. The absence of users thinking leads them to take impulsive actions and make bad decisions. That is why education, corrective actions through post-accident training and regular IT security exercises are so important. The research study assessed the phishing campaign carried out in one corporation and the results are presented. Despite the revealing signs of a social engineering campaign, the results indicated that a still high percentage of the users failed