Secondary abstract: |
Social engineering, in which an internet user is manipulated so that their private information can be obtained and misused, is a serious threat in the cyber environment. Because human beings are trusting by nature, they are an easier target for the disclosure of private information, and social engineers are also becoming increasingly professional. Before the attack, they extensively study their victim. They are skilled in psychological manipulation, communication, and the recognition of emotions and behaviour, and therefore easily gain the trust of their victim. Internet users and businesses suffer a lot of damage due to social engineering, with attacked businesses losing an average of US$130,000 due to destroyed data and other abuses. The rate of presence of social engineering in the cyber environment, at over 90%, is alarming. Its effectiveness can be attributed to the simplicity of its methods, the professionalisation of social engineers, the development of digitisation and the emergence of artificial intelligence. Among the 34 discussed cases of social engineering globally, the most high-profile and financially largest case is the attack on Google and Facebook between 2013 and 2015, the value of which is estimated at a record US$121 million. The most frequent form of attack by social engineers, both globally and in Slovenia, is phishing, in which the victim is deceived by phone calls, e-mails, fake websites or advertisements that are used to obtain their sensitive and confidential information, such as credit card information, insurance, full name, address, etc. Due to the complexity of the attacks performed and the combination of several forms of attack, defending against social engineering is not easy, but it is possible to focus on prevention by strengthening precautionary behaviour. It is necessary to strengthen internet users' consciousness and awareness of social engineering and to establish reliable security policies in companies. |