Gaining Access with Social Engineering: An Empirical Study of the Threat

Abstract

ABSTRACT Recently, research on information security has expanded from its purely technological orientation into striving to understand and explain the role of human behavior in security breaches. However, an area that has been lacking theory-grounded empirical study is in social engineering attacks. While there exists an extensive body of anecdotal literature, factors that account for attack success remains largely speculative. To better understand this increasing phenomenon, we developed a theoretical framework and conducted an empirical field study to investigate social engineering attacks, and from these results, we make recommendations for practice and further research.