Social Engineering Attacks: Success Factors and Mitigation Strategies
Abstract
This article examines the phenomenon of social engineering attacks, identifying key success factors and determining ways to enhance protection effectiveness. Our review of existing scientific literature demonstrates that social engineering attacks exhibit high adaptability and employ a broad spectrum of manipulation techniques, rendering traditional countermeasures insufficient. Particular attention is paid to the psychology of attackers, who exploit an understanding of human psychology to target cognitive and behavioral vulnerabilities. However, the primary focus remains on user vulnerability, emphasizing that the human factor is the key target, while technical measures play a secondary role. A significant research outcome is the identification of future scientific and practical directions. Integrated defense approaches are essential, combining technical measures with user awareness initiatives and cybersecurity training. Specialized analytical systems that leverage artificial intelligence technologies are proposed as a promising tool for early threat detection and mitigation. Synthesizing the findings, the authors stress the importance of integrating disciplinary knowledge and combining expertise from diverse specialists to develop comprehensive defense strategies. Recommendations include strengthening information security personnel training, building sustainable employee competencies, and incorporating cybersecurity fundamentals into school curricula. This article lays the foundation for future research, the development of innovations, and their implementation in information security practice, emphasizing the multifaceted and multidisciplinary nature of the challenges addressed.
ISSN: 2307-8162