Social Engineering Attacks in the Digital Age
Kaur, Bhupinder (2025)
2025
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2025070123576
https://urn.fi/URN:NBN:fi:amk-2025070123576
Tiivistelmä
Social engineering attacks have emerged as the most pervasive and damaging threat in the modern digital landscape, exploiting human psychology more than technical vulnerabilities. This thesis addressed the critical problem of understanding and predicting social engineering attack patterns and their impact by conducting a secondary analysis of a large-scale cybersecurity dataset containing 40,000 incidents.
The importance of this research lies in the growing sophistication of social engineering tactics — such as phishing and business email compromise — which continue to bypass technical defenses and cause significant financial and operational harm worldwide.
To solve this problem, the study applied quantitative analysis and machine learning techniques to examine attack distributions, severity levels, temporal trends, and the relationships between human and technical factors. The scope of the research was limited to statistical and predictive analysis of attack patterns using synthetic data; it did not include primary data collection, live incident response, or the evaluation of specific organizational defenses. The study focused on identifying the prevalence of different attack types, assessing how attack frequency and severity have evolved over time, and evaluating the predictive power of advanced machine learning models for early detection.
The results of the thesis show that, while the synthetic dataset presented an even distribution of attack types and severities, real-world evidence confirms the dominance of social engineering — particularly phishing — driven by manipulation of trust, urgency, and authority. Temporal analysis revealed a 157% increase in attack frequency from 2017 to 2024, with notable peaks during business hours and before weekends, reflecting attackers’ adaptation to human routines. Correlation analysis found no strong linear relationships among technical variables, highlighting the complex, non-linear nature of social engineering risks. Machine learning models, especially ensemble methods, achieved over 99% accuracy in predicting social engineering attacks, with engineered behavioral features proving most effective for early detection.
The thesis recommends that organizations integrate AI-driven behavioral analytics, dynamic risk scoring, and targeted awareness training to move from reactive to proactive defense. Limitations include the use of synthetic data, which may not fully capture the complexity of real-world attacks, and the need for further validation in operational environments. The findings emphasize that effective mitigation of social engineering threats requires multi-layered, adaptive strategies that blend technology, behavioral science, and organizational policy to address both current and emerging cybersecurity challenges.
The importance of this research lies in the growing sophistication of social engineering tactics — such as phishing and business email compromise — which continue to bypass technical defenses and cause significant financial and operational harm worldwide.
To solve this problem, the study applied quantitative analysis and machine learning techniques to examine attack distributions, severity levels, temporal trends, and the relationships between human and technical factors. The scope of the research was limited to statistical and predictive analysis of attack patterns using synthetic data; it did not include primary data collection, live incident response, or the evaluation of specific organizational defenses. The study focused on identifying the prevalence of different attack types, assessing how attack frequency and severity have evolved over time, and evaluating the predictive power of advanced machine learning models for early detection.
The results of the thesis show that, while the synthetic dataset presented an even distribution of attack types and severities, real-world evidence confirms the dominance of social engineering — particularly phishing — driven by manipulation of trust, urgency, and authority. Temporal analysis revealed a 157% increase in attack frequency from 2017 to 2024, with notable peaks during business hours and before weekends, reflecting attackers’ adaptation to human routines. Correlation analysis found no strong linear relationships among technical variables, highlighting the complex, non-linear nature of social engineering risks. Machine learning models, especially ensemble methods, achieved over 99% accuracy in predicting social engineering attacks, with engineered behavioral features proving most effective for early detection.
The thesis recommends that organizations integrate AI-driven behavioral analytics, dynamic risk scoring, and targeted awareness training to move from reactive to proactive defense. Limitations include the use of synthetic data, which may not fully capture the complexity of real-world attacks, and the need for further validation in operational environments. The findings emphasize that effective mitigation of social engineering threats requires multi-layered, adaptive strategies that blend technology, behavioral science, and organizational policy to address both current and emerging cybersecurity challenges.