Social Engineering Attacks and the Human Factor in Cybersecurity

Authors

  • Jasmeet Kaur Student, PCTE Institute of Engineering & Technology, Ludhiana, Punjab, India

Keywords:

Cybersecurity, Social Engineering, Phishing, Human Factor, Psychological Manipulation, Cyber Threats, Data Breaches, AI in Security, Cyber Awareness, Behavioral Analysis

Abstract

Cybersecurity is generally considered to be more of a technical problem, and businesses spend a lot of money on firewalls, encryption, and intrusion detection systems. But human vulnerabilities remain one of the biggest security risks, as attackers employ psychological manipulation to bypass the most advanced security controls. Social engineering attacks employ deception, persuasion, and impersonation to trick individuals into divulging sensitive information or granting unauthorised access. These attacks most often succeed because they appeal to human emotions such as fear, curiosity, urgency, and trust. This essay covers the impact of social engineering attacks, their methods, and why cognitive behaviour makes it simpler for cyber threats. Common attack methods such as phishing, pretexting, baiting, tailgating, and quid pro quo schemes are covered, including real case studies illustrating massive breaches because of human error. The essay continues with the use of cognitive bias, authority influence, and social trust by cybercriminals to make their attacks more effective. To address the attacks of social engineering, organisations must adopt a multi-layered defence approach that integrates cybersecurity training, behavioural analysis, and AI-driven security. Preventive steps like security awareness training on a periodic basis, multi-factor authentication (MFA), role-based access controls, and phishing detection through AI are also covered. Along with this, newer threats such as deepfake-based impersonation and phishing attacks created through AI are also addressed, and the need for perpetual change in cybersecurity measures is brought to the limelight. The findings emphasise the necessity of balancing user education and awareness with technical solutions to reduce the success rate of social engineering attacks. With a security-aware culture and the adoption of sophisticated technologies, organisations are able to effectively protect themselves from human-centric cyber threats in a more digital environment.

DOI: https://doi.org/10.24321/3051.4320.202507

References

Nonum EO, Avwokuruaye O, Umar AM. SOCIAL ENGINEERING: UNDERSTANDING HUMAN FACTORS IN CYBER SECURITY. International Journal of Convergent and Informatics Science Research. 2025 May 2.

O’G’Li MK. Social Engineering, Human Factor in Cybersecurity. Al-Farg’oniy avlodlari.2024(3):149-52.

Alsharif M, Mishra S, AlShehri M. Impact of Human Vulnerabilities on Cybersecurity.Computer Systems Science & Engineering. 2022 Mar 1;40(3).

Published

2025-03-08

Issue

Vol. 8 No. 1 (2025): Journal of Advanced Research in Cloud Computing, Virtualization and Web Applications

Section

Review Article