Social Engineering Threats Towards Non-IT Students : A Case Study on Mitigation Strategies

Abstract: Social engineering has been an extremely serious security threat for several years, and the number of social engineering attacks that have been executed, the majority of which have been successful, has been steadily increasing in rapid succession. This increase can be attributed to numerous factors, such as a general increase in the accessibility and affordability of networking services and sites. Furthermore, the COVID-19 pandemic has also led to an increase in the number of attacks that have been executed and has also contributed to social engineering attacks becoming more successful than ever, due to the fear and anxiety that has been become a prevalent issue due to the pandemic. While social engineering is still a detrimental issue to cyber security infrastructure and corporations everywhere no one solution can be implemented, either through the use of hardware or software, that can prevent social engineering attacks from occurring. In order to aid everyday users in gaining a better understanding and to inform them about social engineering, a set of research questions are proposed, where we seek to highlight modern social engineering attacks, present both scientific and practical defence strategies and determine how aware non-IT students are about social engineering attacks. To answer these questions, a literature survey is performed along with a case study, where we seek to gain a deeper insight into the understanding and awareness that both non-IT students and IT experts have about social engineering attacks, techniques and defense strategies. The results of this research project demonstrated that there are a number of practical solutions offered in both state-of-the-art and state-of-the-practice literature that can be used to counter various social engineering attack methods. Additionally, it seems that IT-experts seem to implement some form of these prevention methods in real life. Additionally, the study shows that generally, non-IT students are quite aware about social engineering attacks, but could still benefit from learning about the different mitigation strategies that are available.