SOCIAL ENGINEERING ATTACKS MODELS

Abstract

With the development of modern technologies, the Internet has become the key to the exchange of various information and communications. As a result, such an evolution has brought decentralized access to data and information through file sharing through platforms, in particular such as social networks, which are generally not sufficiently secure.

The article is devoted to the study of social engineering attack models that use both psychological features of human behavior and technical vulnerabilities of information systems. The authors integrate approaches from psychology, sociology, and cyber security, which allows for a deeper understanding of the nature of these attacks and the development of more effective means of preventing them.

The article describes key forms of social engineering attacks, including phishing, vishing, and other methods that manipulate trust and elicit emotional responses from victims. Considerable attention is paid to the analysis of the main attack vectors, the specificity of target characteristics and psychological triggers that attackers use to achieve their goals.

The proposed attack models cover the entire life cycle of attacking actions - from the stage of initial reconnaissance and gathering information about the victim to the implementation of manipulation methods and further analysis of the results after the attack. In addition, the models take into account behavioral and psychological aspects such as the effect of authority, fear, urgency and other factors that allow attackers to successfully manipulate victims. The article examines the influence of these factors on the ability of organizations to recognize and neutralize threats at various stages of their life cycle.

The results of the study are intended to improve the accuracy of attack prediction, contribute to the improvement of training programs for employees, increase the level of awareness of the risks of social engineering and strengthen the overall level of information security.

The authors offer recommendations for creating policies and protection tools that can significantly reduce the impact of social engineering attacks on organizations and individuals.