An overview of social engineering malware: Trends, tactics, and implications

Social engineering continues to be an increasing attack vector for the propagation of malicious programs. For this article, we collected data on malware incidents and highlighted the prevalence and longevity of social engineering malware. We developed a framework that shows the steps social engineering malware executes to be successful. To explain its pervasiveness and persistence, we discuss some common avenues through which such attacks occur. The attack vector is a combination of psychological and technical ploys, which includes luring a computer user to execute the malware, and combating any existing technical countermeasures. We describe some of the prevalent psychological ploys and technical countermeasures used by social engineering malware. We show how the techniques used by purveyors of such malware have evolved to circumvent existing countermeasures. The implications of our analyses lead us to emphasize (1) the importance for organizations to plan a comprehensive information security program, and (2) the shared social responsibility required to combat social engineering malware.