Illusion of Presence: Physical Deception and Direct Manipulation in Social Engineering

Khan, Jibran Rasheed; Qureshi, Sumaira Mustafa; Siddiqui, Farhan Ahmed; Ali, Syed Asim

doi:10.2478/ias-2025-0008

Abstract

This paper proposes a novel taxonomy of physical social engineering attacks that require physical & direct interaction with the target. It addresses the classification challenge found in the literature, where approximately 35% of non-SEA cases are identified. This helps in understanding diverse methodologies employed by attackers. This paper presents a comprehensive state-of-the-art study of each attack’s concept, background, methodology, and impact on individuals or organisations, to estimate the severity of the attack. Also, social and psychological factors associated with attacks, such as trust, obedience, respect, and kindness, are exploited, which requires a critical need to enhance awareness and integrate psychology with security measures. This emphasises considering the human element in cybersecurity solutions and their understanding.

References

Z. Wang, L. Sun, and H. Zhu, “Defining Social Engineering in Cybersecurity,” IEEE Access, vol. 8, pp. 85094–85115, 2020, doi: 10.1109/ACCESS.2020.2992807.
Open DOI Search in Google Scholar Back to article
A. Ferreira, L. Coventry, and G. Lenzini, “Principles of persuasion in social engineering and their use in phishing,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 9190, no. May 2017, pp. 36–47, 2015, doi: 10.1007/978-3-319-20376-8_4.
Open DOI Search in Google Scholar Back to article
M. A. Siddiqi, W. Pak, and M. A. Siddiqi, “A Study on the Psychology of Social Engineering-Based Cyberattacks and Existing Countermeasures,” Appl. Sci., vol. 12, no. 12, 2022, doi: 10.3390/app12126042.
Open DOI Search in Google Scholar Back to article
G. Sarkar and S. K. Shukla, “Behavioral analysis of cybercrime: Paving the way for effective policing strategies,” J. Econ. Criminol., vol. 2, no. August, p. 100034, 2023, doi: 10.1016/j.jeconc.2023.100034.
Open DOI Search in Google Scholar Back to article
H. Taherdoost, “Analyzing Influential Psychological Factors in Social Engineering; Human Psyche and Cybersecurity,” Psychomachina, vol. 1, pp. 1–7, Feb. 2024, doi: 10.59388/pm00374.
Open DOI Search in Google Scholar Back to article
S. Kuraku, D. Kalla, N. Smith, and F. Samaah, “Exploring How User Behavior Shapes Cybersecurity Awareness in the Face of Phishing Attacks,” Int. J. Comput. Trends Technol., vol. 71, no. 11, pp. 74–79, 2023, [Online]. Available: https://doi.org/10.14445/22312803/IJCTT-V71I11P111
Search in Google Scholar Back to article
N. F. Khan, N. Ikram, S. Saleem, and S. Zafar, Cyber-security and risky behaviors in a developing country context: a Pakistani perspective, vol. 36, no. 2. Palgrave Macmillan UK, 2023. doi: 10.1057/s41284-022-00343-4.
Open DOI Search in Google Scholar Back to article
Z. Alkhalil, C. Hewage, L. Nawaf, and I. Khan, “Phishing Attacks: A Recent Comprehensive Study and a New Anatomy,” Front. Comput. Sci., vol. 3, no. March, pp. 1–23, 2021, doi: 10.3389/fcomp.2021.563060.
Open DOI Search in Google Scholar Back to article
A. H. Washo, “An interdisciplinary view of social engineering: A call to action for research,” Comput. Hum. Behav. Reports, vol. 4, p. 100126, 2021, doi: 10.1016/j.chbr.2021.100126.
Open DOI Search in Google Scholar Back to article
A. Abzakh and A. Althunibat, “A Review: Human Factor and Cybersecurity,” IEEE Xplore, 2023, doi: 10.1109/ICIT58056.2023.10225828.
Open DOI Search in Google Scholar Back to article
G. Desolda, L. S. Ferro, A. Marrella, T. Catarci, and M. F. Costabile, “Human Factors in Phishing Attacks: A Systematic Literature Review,” ACM Comput. Surv., vol. 54, no. 8, 2022, doi: 10.1145/3469886.
Open DOI Search in Google Scholar Back to article
M. F. Arroyabe, C. F. A. Arranz, I. F. De Arroyabe, and J. C. F. de Arroyabe, “Revealing the realities of cybercrime in small and medium enterprises: Understanding fear and taxonomic perspectives,” Comput. Secur., vol. 141, no. February, p. 103826, 2024, doi: 10.1016/j.cose.2024.103826.
Open DOI Search in Google Scholar Back to article
W. Syafitri, Z. Shukur, U. A. Mokhtar, R. Sulaiman, and M. A. Ibrahim, “Social Engineering Attacks Prevention: A Systematic Literature Review,” IEEE Access, vol. 10, pp. 39325–39343, 2022, doi: 10.1109/ACCESS.2022.3162594.
Open DOI Search in Google Scholar Back to article
B. S. Almutairi and A. Alghamdi, “The Role of Social Engineering in Cybersecurity and Its Impact,” J. Inf. Secur., vol. 13, no. 04, pp. 363–379, 2022, doi: 10.4236/jis.2022.134020.
Open DOI Search in Google Scholar Back to article
R. F. Abu Hweidi and D. Eleyan, “Social Engineering Attack concepts, frameworks, and Awareness: A Systematic Literature Review,” Int. J. Comput. Digit. Syst., vol. 13, no. 1, pp. 691–700, 2023, doi: 10.12785/ijcds/130155.
Open DOI Search in Google Scholar Back to article
M. Dixon-Woods et al., “Conducting a critical interpretive synthesis of the literature on access to healthcare by vulnerable groups,” BMC Med. Res. Methodol., vol. 6, no. 1, p. 35, Dec. 2006, doi: 10.1186/1471-2288-6-35.
Open DOI Search in Google Scholar Back to article
M. Dixon-Woods et al., “How can systematic reviews incorporate qualitative research? A critical perspective,” Qual. Res., vol. 6, no. 1, pp. 27–44, Feb. 2006, doi: 10.1177/1468794106058867.
Open DOI Search in Google Scholar Back to article
E. Barnett-Page and J. Thomas, “Methods for the synthesis of qualitative research: a critical review,” BMC Med. Res. Methodol., vol. 9, no. 1, p. 59, Dec. 2009, doi: 10.1186/1471-2288-9-59.
Open DOI Search in Google Scholar Back to article
F. Salahdine and N. Kaabouch, “Social engineering attacks: A survey,” Futur. Internet, vol. 11, no. 4, 2019, doi: 10.3390/FI11040089.
Open DOI Search in Google Scholar Back to article
J. M. Hatfield, “Social engineering in cybersecurity: The evolution of a concept,” Comput. Secur., vol. 73, pp. 102–113, 2018, doi: 10.1016/j.cose.2017.10.008.
Open DOI Search in Google Scholar Back to article
B. B. Gupta, A. Tewari, A. K. Jain, and D. P. Agrawal, “Fighting against phishing attacks: state of the art and future challenges,” Neural Comput. Appl., vol. 28, no. 12, pp. 3629–3654, 2017, doi: 10.1007/s00521-016-2275-y.
Open DOI Search in Google Scholar Back to article
A. Smith, M. Papadaki, and S. M. Furnell, “Improving Awareness of Social Engineering Attacks,” in IFIP International Federation for Information Processing 2013, Springer, 2013, pp. 249–256.
Search in Google Scholar Back to article
Z. Wang, H. Zhu, and L. Sun, “Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods,” IEEE Access, vol. 9, pp. 11895–11910, 2021, doi: 10.1109/ACCESS.2021.3051633.
Open DOI Search in Google Scholar Back to article
B. Banire, D. Al Thani, and Y. Yang, “Investigating the experience of social engineering victims: Exploratory and user testing study,” Electron., vol. 10, no. 21, 2021, doi: 10.3390/electronics10212709.
Open DOI Search in Google Scholar Back to article
A. A. Dziwa, C. CISA, and C. CEH, “How Social Engineering Bypasses Technical Controls,” ISACA J., vol. 5, pp. 23–26, 2022, [Online]. Available: https://www.isaca.org/resources/isaca-journal/issues/2022/volume-5/how-social-engineering-bypasses-technical-controls
Search in Google Scholar Back to article
W. Fuertes et al., “Impact of Social Engineering Attacks: A Literature Review,” Smart Innov. Syst. Technol., vol. 255, no. September, pp. 25–35, 2022, doi: 10.1007/978-981-16-4884-7_3.
Open DOI Search in Google Scholar Back to article
P. Burda, L. Allodi, and N. Zannone, “Cognition in Social Engineering Empirical Research: A Systematic Literature Review,” ACM Trans. Comput. Interact., vol. 31, no. 2, 2024, doi: 10.1145/3635149.
Open DOI Search in Google Scholar Back to article
A. Maraj and W. Butler, “Taxonomy of Social Engineering Attacks: A Survey of Trends and Future Directions,” in International Conference on Cyber Warfare and Security, Mar. 2022, pp. 185–193. doi: 10.34190/iccws.17.1.40.
Open DOI Search in Google Scholar Back to article
H. Aldawood and G. Skinner, “Challenges of implementing training and awareness programs targeting cyber security social engineering,” in Proceedings - 2019 Cybersecurity and Cyberforensics Conference, CCC 2019, 2019, pp. 111–117. doi: 10.1109/CCC.2019.00004.
Open DOI Search in Google Scholar Back to article
H. Aldawood and G. Skinner, “An Advanced Taxonomy for Social Engineering Attacks,” Int. J. Comput. Appl., vol. 177, no. 30, pp. 1–11, 2020, doi: 10.5120/ijca2020919744.
Open DOI Search in Google Scholar Back to article
N. Y. Conteh and P. J. Schmick, “Cybersecurity: risks, vulnerabilities and countermeasures to prevent social engineering attacks,” Int. J. Adv. Comput. Res., vol. 6, no. 23, pp. 31–38, Feb. 2016, doi: 10.19101/IJACR.2016.623006.
Open DOI Search in Google Scholar Back to article
V. Ambika, N. Shashank, T. Kayargo, and P. Pruthvi, “A Review Article on Impact of Social Engineering Attacks against Security of IoT,” Turkish Online J. Qual. Inq., vol. 12, no. 7, pp. 13552–13560, 2021, [Online]. Available: https://www.tojqi.net/index.php/journal/article/view/6882
Search in Google Scholar Back to article
A. Naz, M. Sarwar, M. Kaleem, M. A. Mushtaq, and S. Rashid, “A comprehensive survey on social engineering-based attacks on social networks,” Int. J. Adv. Appl. Sci., vol. 11, no. 4, pp. 139–154, 2024, doi: 10.21833/ijaas.2024.04.016.
Open DOI Search in Google Scholar Back to article
A. A. Nugraha et al., “Social Engineering Awareness : A Social Science Approach to Cybersecurity Education,” in The 3rd International Conference on Education Innovation and Social Science, 2024, pp. 376–386.
Search in Google Scholar Back to article
K. L. Chiew, K. S. C. Yong, and C. L. Tan, “A survey of phishing attacks: Their types, vectors and technical approaches,” Expert Syst. Appl., vol. 106, pp. 1–20, 2018, doi: 10.1016/j.eswa.2018.03.050.
Open DOI Search in Google Scholar Back to article
H. Aldawood and G. Skinner, “A Taxonomy for Social Engineering Attacks via Personal Devices,” Int. J. Comput. Appl., vol. 178, no. 50, pp. 19–26, 2019, doi: 10.5120/ijca2019919411.
Open DOI Search in Google Scholar Back to article
R. Alabdan, “Phishing attacks survey: Types, vectors, and technical approaches,” Futur. Internet, vol. 12, no. 10, pp. 1–39, 2020, doi: 10.3390/fi12100168.
Open DOI Search in Google Scholar Back to article
S. K. Birthriya, P. Ahlawat, and A. K. Jain, “A Comprehensive Survey of Social Engineering Attacks: Taxonomy of Attacks, Prevention, and Mitigation Strategies,” J. Appl. Secur. Res., vol. 0, no. 0, pp. 1–49, Jul. 2024, doi: 10.1080/19361610.2024.2372986.
Open DOI Search in Google Scholar Back to article
A. K. Jain and B. B. Gupta, “A survey of phishing attack techniques, defence mechanisms and open research challenges,” Enterp. Inf. Syst., vol. 16, no. 4, pp. 527–565, 2022, doi: 10.1080/17517575.2021.1896786.
Open DOI Search in Google Scholar Back to article
B. Atkins and W. Huang, “A Study of Social Engineering in Online Frauds,” Open J. Soc. Sci., vol. 01, no. 03, pp. 23–32, 2013, doi: 10.4236/jss.2013.13004.
Open DOI Search in Google Scholar Back to article
D. Alharthi and A. Regan, “A Literature Survey and Analysis on Social Engineering Defense Mechanisms and Infosec Policies,” Int. J. Netw. Secur. Its Appl., vol. 13, no. 2, pp. 41–61, Mar. 2021, doi: 10.5121/ijnsa.2021.13204.
Open DOI Search in Google Scholar Back to article
K. Krombholz, H. Hobel, M. Huber, and E. Weippl, “Advanced social engineering attacks,” J. Inf. Secur. Appl., vol. 22, pp. 113–122, Jun. 2015, doi: 10.1016/j.jisa.2014.09.005.
Open DOI Search in Google Scholar Back to article
C. Sekhar Bhusal, “Systematic Review on Social Engineering: Hacking by Manipulating Humans,” J. Inf. Secur., vol. 12, no. 01, pp. 104–114, 2021, doi: 10.4236/jis.2021.121005.
Open DOI Search in Google Scholar Back to article
Z. Wang, H. Zhu, P. Liu, and L. Sun, “Social engineering in cybersecurity: a domain ontology and knowledge graph application examples,” Cybersecurity, vol. 4, no. 1, 2021, doi: 10.1186/s42400-021-00094-6.
Open DOI Search in Google Scholar Back to article
J.-W. Bullée and M. Junger, “Social Engineering,” in The Palgrave Handbook of International Cybercrime and Cyberdeviance, no. October, Cham: Springer International Publishing, 2019, pp. 1–28. doi: 10.1007/978-3-319-90307-1_38-1.
Open DOI Search in Google Scholar Back to article
B. Azizbek Zoxid ugli, “The Impact of Social Engineering on Cybercrime: Psychological Manipulation and Prevention Methods,” Int. J. Cyber Law, p. 5, 2023, [Online]. Available: https://irshadjournals.com/index. php/ijcl/article/view/52/38
Search in Google Scholar Back to article
K. Chetioui, B. Bah, A. O. Alami, and A. Bahnasse, “Overview of Social Engineering Attacks on Social Networks,” Procedia Comput. Sci., vol. 198, no. 2021, pp. 656–661, 2021, doi: 10.1016/j.procs.2021.12.302.
Open DOI Search in Google Scholar Back to article
M. Zaoui, B. Yousra, S. Yassine, M. Yassine, and O. Karim, “A Comprehensive Taxonomy of Social Engineering Attacks and Defense Mechanisms: Toward Effective Mitigation Strategies,” IEEE Access, vol. 12, no. May, pp. 72224–72241, 2024, doi: 10.1109/ACCESS.2024.3403197.
Open DOI Search in Google Scholar Back to article
T. Rathod, N. K. Jadav, S. Tanwar, A. Alabdulatif, D. Garg, and A. Singh, “A comprehensive survey on social engineering attacks, countermeasures, case study, and research challenges,” Inf. Process. Manag., vol. 62, no. 1, p. 103928, 2025, doi: 10.1016/j.ipm.2024.103928.
Open DOI Search in Google Scholar Back to article
T. Grassegger and D. Nedbal, “The role of employees’ information security awareness on the intention to resist social engineering,” Procedia Comput. Sci., vol. 181, no. 2019, pp. 59–66, 2021, doi: 10.1016/j.procs.2021.01.103.
Open DOI Search in Google Scholar Back to article
N. Duarte, N. Coelho, and T. Guarda, “Social Engineering: The Art of Attacks,” Commun. Comput. Inf. Sci., vol. 1485 CCIS, pp. 474–483, 2021, doi: 10.1007/978-3-030-90241-4_36.
Open DOI Search in Google Scholar Back to article
R. Montañez, A. Atyabi, and S. Xu, “Social engineering attacks and defenses in the physical world vs. cyberspace: A contrast study,” in Cybersecurity and Cognitive Science, Elsevier, 2022, pp. 3–41. doi: 10.1016/B978-0-323-90570-1.00012-7.
Open DOI Search in Google Scholar Back to article
A. Lopes, H. S. Mamede, L. Reis, and A. Santos, “Common Techniques, Success Attack Factors and Obstacles to Social Engineering: A Systematic Literature Review,” Emerg. Sci. J., vol. 8, no. 2, pp. 761–794, 2024, doi: 10.28991/ESJ-2024-08-02-025.
Open DOI Search in Google Scholar Back to article
M. Hasan, “Common Cybersecurity Vulnerabilities: Software Bugs, Weak Passwords, Misconfigurations, Social Engineering,” Glob. Mainstream J. Innov. Eng. Emerg. Technol., vol. 03, no. 04, pp. 42–57, 2024, doi: 10.62304/jieet.v3i4.193.
Open DOI Search in Google Scholar Back to article
Y. Kano and T. Nakajima, “Trust factors of social engineering attacks on social networking services,” LifeTech 2021 - 2021 IEEE 3rd Glob. Conf. Life Sci. Technol., no. LifeTech, pp. 25–28, 2021, doi: 10.1109/LifeTech52111.2021.9391929.
Open DOI Search in Google Scholar Back to article
B. Stilwell, “The worst cyber attack in DoD history came from a USB drive found in a parking lot,” wearethemighty. Accessed: Feb. 20, 2025. [Online]. Available: https://www.wearethemighty.com/mighty-history/worst-cyber-attack-usb/
Search in Google Scholar Back to article
N. Shachtman, “Under Worm Assault, Military Bans Disks, USB Drives,” Wired.com. Accessed: Feb. 20, 2025. [Online]. Available: https://www.wired.com/2008/11/army-bans-usb-d/
Search in Google Scholar Back to article
A. Moscaritolo, “Military’s ban of USB thumb drives highlights security risks,” scworld.com. Accessed: Feb. 18, 2025. [Online]. Available: https://www.scworld.com/news/militarys-ban-of-usb-thumb-drives-highlights-security-risks
Search in Google Scholar Back to article
M. Tischer et al., “Users Really Do Plug in USB Drives They Find,” in 2016 IEEE Symposium on Security and Privacy (SP), IEEE, May 2016, pp. 306–319. doi: 10.1109/SP.2016.26.
Open DOI Search in Google Scholar Back to article
Robert Abel, “Luxury hackers crack Bimmers and Benzes, a tale of BMW’s bugs and Mercedes-Benz thugs,” scworld.com. Accessed: Feb. 15, 2025. [Online]. Available: https://www.scworld.com/news/luxury-hackers-crack-bimmers-and-benzes-a-tale-of-bmws-bugs-and-mercedes-benz-thugs
Search in Google Scholar Back to article
I. A. M. Abass, “Social Engineering Threat and Defense: A Literature Survey,” J. Inf. Secur., vol. 09, no. 04, pp. 257–264, 2018, doi: 10.4236/jis.2018.94018.
Open DOI Search in Google Scholar Back to article
T. Mashiane and E. Kritzinger, “Cybersecurity Behaviour: A Conceptual Taxonomy,” in 12th IFIP International Conference on Information Security Theory and Practice (WISTP), Brussels, Belgium, 2019, pp. 147–156. doi: 10.1007/978-3-030-20074-9_11.
Open DOI Search in Google Scholar Back to article
M. R. Arabia-Obedoza, G. Rodriguez, A. Johnston, F. Salahdine, and N. Kaabouch, “Social Engineering Attacks A Reconnaissance Synthesis Analysis,” in 2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), IEEE, Oct. 2020, pp. 0843–0848. doi: 10.1109/UEMCON51285.2020.9298100.
Open DOI Search in Google Scholar Back to article
M. Hijji and G. Alam, “A Multivocal Literature Review on Growing Social Engineering Based Cyber-Attacks/Threats During the COVID-19 Pandemic: Challenges and Prospective Solutions,” IEEE Access, vol. 9, pp. 7152–7169, 2021, doi: 10.1109/ACCESS.2020.3048839.
Open DOI Search in Google Scholar Back to article
N. A. Odeh, D. Eleyan, and A. Eleyan, “A Survey of Social Engineering Attacks :,” J. Theor. Appl. Inf. Technol., vol. 99, no. 18, 2021.
Search in Google Scholar Back to article
N. Mashtalyar, U. N. Ntaganzwa, T. Santos, S. Hakak, and S. Ray, “Social Engineering Attacks: Recent Advances and Challenges,” in HCI for Cybersecurity, Privacy and Trust (HCII 2021), 2021, pp. 417–431. doi: 10.1007/978-3-030-77392-2_27.
Open DOI Search in Google Scholar Back to article

Illusion of Presence: Physical Deception and Direct Manipulation in Social Engineering

Abstract

Paradigm

My account