A Comprehensive Survey of Social Engineering Attacks: Taxonomy of Attacks, Prevention, and Mitigation Strategies

Social engineering attacks pose a significant threat to individuals, organizations, and governments globally. These attacks leverage human psychology, manipulating individuals into divulging sensitive information or undertaking actions that jeopardize security. The various forms of social engineering attacks can lead to dire consequences for the targeted victims. However, with preventive and mitigation strategies such as security awareness training, policy formulation, and technical controls, the risks associated with social engineering attacks can be diminished. This paper offers a comprehensive overview of social engineering attacks, delving into their diverse types and methodologies. It further discusses various strategies to counteract and alleviate the threats posed by these attacks. The study introduces a taxonomy of social engineering attacks, categorizing them based on the operator, prevention measures, and mitigation techniques. This thorough analysis underscores the current challenges in the domain and suggests potential future trajectories in the field.