Mitigating Phishing Attacks: An Overview

Social engineering is the process of getting a person to provide a service or complete a task that may give away private or confidential information. Phishing is the most common type of social engineering. In phishing, an attacker poses as a trustworthy source in an attempt to have the victim release personal or private information. Spear phishing is a popular type of phishing attack where the attacker provides information retaining to a select few targets rather than generic information for a mass amount of targets. This paper provides an overview of social engineering attacks, the detection methods of social engineering and phishing attacks, the education and training techniques for preventing social engineering and phishing attacks, as well as the susceptibility of users to social engineering and phishing attacks.