Social Engineering Attacks and Defenses in the Physical World vs. Cyberspace: A Contrast Study

TL;DR

This paper compares social engineering attacks in the physical world and cyberspace, proposing a unified framework based on psychological principles to better understand and defend against these threats.

Contribution

It introduces a systematic model and unified framework for analyzing social engineering attacks and defenses across both physical and digital domains.

Findings

Unified model based on psychological principles

Systematization of attacks and defenses

Insights for future cybersecurity research

Abstract

Social engineering attacks are phenomena that are equally applicable to both the physical world and cyberspace. These attacks in the physical world have been studied for a much longer time than their counterpart in cyberspace. This motivates us to investigate how social engineering attacks in the physical world and cyberspace relate to each other, including their common characteristics and unique features. For this purpose, we propose a methodology to unify social engineering attacks and defenses in the physical world and cyberspace into a single framework, including: (i) a systematic model based on psychological principles for describing these attacks; (ii) a systematization of these attacks; and (iii) a systematization of defenses against them. Our study leads to several insights, which shed light on future research directions towards adequately defending against social engineering attacks in cyberspace.