Social engineering is an increasingly popular way to undermine information security, as it is often easier to exploit human weaknesses than network or software vulnerabilities. Taking certain precautions reduces the risk of falling victim to social engineering scams. The most famous social engineering attack dates back to the ancient Greek story of the Trojan horse that led to the fall of the city of Troy, in which soldiers hid in a giant wooden horse presented to the Trojan army as a gift of peace. Typically, social engineering attackers have one of two goals.

Develop a third-party risk management framework and a vendor management policy, and conduct a cybersecurity risk assessment before hiring new vendors or continuing to use existing vendors. It's much easier to prevent data breaches than to clean them up, especially after stolen data has been sold on the dark web. Look for software that can automate vendor risk management and continuously monitor and evaluate your vendors' cybersecurity posture.

The consequence of an attack is something that follows as a result or effect of a social engineering attack. The attacker sends it back to the target to decide if another attack is needed. The taxonomy of the consequence of the attack is similar to the taxonomy of the target, as shown in Fig. 13.

Once the criminal has this email account under his control, he sends emails to all of the person's contacts or leaves messages on all of the person's friends' social pages, and possibly on the pages of those friends' friends.

Set up an information risk management program that includes security protocols, policies, and procedures that describe how to manage data security.

This form of social engineering often starts with access to an email account or another communication account on an instant messaging client, social network, chat, forum, etc. Attackers gain this access either through hacking, social engineering, or simply by guessing really weak passwords. Finally, after iterative review and validation, a social engineering domain ontology is developed. In addition to detecting an attack, you can also proactively take care of your privacy and security. Knowing how to prevent social engineering attacks is extremely important for all mobile and computer users. The cybercriminal aims to draw the user's attention to the infected link or file and then get the user to click on it.

Ontology is a term that comes from philosophy, where it describes the existence of beings in the world. It has been adopted in the fields of computer science, the semantic web, knowledge engineering, and artificial intelligence (AI), where an ontology provides a formal and explicit description of knowledge as a set of concepts in a field and the relationships between them (i.e., which entities are present in a field and how they are linked). It defines a common vocabulary for researchers who need to share information and contains definitions of fundamental concepts in the field and their relationships (Noy and McGuinness 2001). In an ontology, semantic information and components such as concept, object, relationship, attribute, constraints, and axiom are coded or formally specified, making an ontology machine-readable and able to support reasoning. In this way, an ontology not only introduces a formal, explicit, shareable and reusable representation of knowledge, but can also add new knowledge about the field.

In the context of cybersecurity, social engineering describes a type of attack in which the attacker exploits human vulnerabilities (through influence, persuasion, deception, manipulation, and incitement) to violate security objectives (such as confidentiality, integrity, availability, controllability, and verifiability) of elements of cyberspace (such as infrastructure, data, resources, users, and operations). In short, social engineering is a type of attack in which the attacker exploits human vulnerability through social interactions to violate the security of cyberspace (Wang et al. 2020). Several characteristics make social engineering a very popular attack in the hacker community and a serious, universal and ongoing threat to cybersecurity. 1) Compared to classic attacks such as brute-force password cracking and exploiting software vulnerabilities, social engineering exploits human vulnerabilities to bypass or break through security barriers without having to fight a firewall or antivirus software through deep coding. 2) For some attack scenarios, social engineering can be as simple as making a phone call and impersonating an insider to obtain classified information. 3) Especially in recent decades, defense has focused mainly on the digital realm while neglecting human factors in security. As security technology develops, classic attacks are becoming more and more difficult, and more and more attackers are turning to social engineering. 4) Human vulnerabilities seem inevitable: after all, there is no cyber system on Earth that does not rely on humans or integrate human factors, and these human factors are obviously vulnerable or can largely be turned into security vulnerabilities by experienced attackers. In addition, the threat of social engineering, as well as its evolution in new technical and cyber environments, is becoming increasingly serious.
Social engineering attackers not only gain large amounts of sensitive information about people, networks, and devices, but also gain more attack channels through the widespread use of social networking sites (SNS), the Internet of Things (IoT), the industrial internet, mobile communication, and wearable devices. Much of this information is open source, making it easy to gather information for social engineering.