The advent of Social Networks has made both companies and public bodies tremendously exposed to the so-called Social Engineering 2.0, and thus prone to targeted cyber-attacks.
Unfortunately, there is currently no solution available on the market that allows either the comprehensive assessment of Social Vulnerabilities or the management and reduction of the associated risk.
DOGANA aims to fill this gap by developing a framework that delivers "aDvanced sOcial enGineering And vulNerability Assessment". The underlying concept of DOGANA is that Social Driven Vulnerabilities Assessments (SDVAs), when regularly performed with the help of an efficient framework, help deploy effective mitigation strategies and lead to a reduction of the risk created by modern Social Engineering 2.0 attack techniques. Two relevant features of the proposed framework are:

- The presence of the "awareness" component within the framework as the cornerstone of the mitigation activities;
- The legal compliance by design of the whole framework, which will be ensured by a partner and a work package explicitly devoted to this task.

Moreover, the outcomes of the project are also expected to provide a solid basis for revising the insurance models for cyber-attack-related risks, thanks to the involvement of 2 strong DOGANA partners in this area of activity.


Latest from our Social Engineering Blog


Attacks based on the personality

Written by Enrico Frumento - CEFRIEL

The abuse of the human layer of security (i.e. social engineering) is today probably the most used attack strategy, and the one that most often determines the success of a cyber-attack. According to Proofpoint's (a leading cybersecurity company) Human Factor Report 2018, “human vulnerabilities are more dangerous to modern organisations than software flaws”.

Recently a new wave of attack strategies has started to emerge, thanks to the evolution of social engineering 2.0. As published in a recent blog post, among the unique characteristics of social engineering 2.0 one is special: the high automation of advanced social engineering attacks against a large number of victims. This trend makes social engineering 2.0 a modern mass-targeting attack strategy, able at the same time to focus on single victims and mould the attacks around them.

This enormous trend has led to the evolution of a novel wave of attacks whose distinguishing element is the modelling of the victims’ personalities: the attack based on the personality. However, attacks based on the personality are not difficult to model, once we move to the domain of humans. The typical sequence of steps, at a very high level, seen from the attacked entity (i.e., the human) is the following.

  • Advanced OSINT and SNA (Social Network Analysis) to start scraping the digital shadow of an enterprise.
  • Segmentation of the enterprise’s asset dataspace and identification of the most valuable assets or clusters.
  • Analysis of the decisional and behavioural processes internal to the targeted community in order, for example, to acquire the proper linguistic register, to identify the sentiment around specific topics and its polarisation, etc.
  • Identification of the key holders of the most valuable assets.
  • Identification of the Super Targets in the enterprise (Super Target is a term derived from criminology and indicates those people who, by their nature, fall for phishing or scams more easily than others).
  • Personality profiling of the victims to acquire information on their context (e.g., interests).
  • Identification of the cognitive and business processes of the victim(s) to create the correct hook (e.g. language register, hot topics, sentiment analysis, etc.).
  • Creation of the attacks around the personality or emotional status (e.g., finding the correct moment in time to launch the attack, also using studies such as the following
  • Set up the hook and the Individual Attack Vector (e.g., an email plus the corresponding landing website in case of phishing). See
  • Set up the malware forgery for the ad-hoc infection process, using known vulnerabilities or zero-days and browser fingerprinting.
  • Set up the operational security (i.e., the attacker’s escape plan).

Looking at the above list of actions, it seems like the typical activity of a Red Team, but this assertion is arguable. Most, if not all, of the steps described can be automated to execute mass attacks and deliver ad-hoc glocalized threats (e.g. geomalware or, generally speaking, context-aware malware). This makes such attacks a relevant and important subject for novel defence strategies. From the list of steps it emerges that attack strategies based on personality follow a pattern that is behavioural and tactical rather than syntactical. In other words, there is one important difference from the classic attack patterns based on zero-days and more or less advanced malware: repetitive patterns at the technical level are almost nonexistent (today ad-hoc malware attacks involve few victims and few copies of the malware; the trend is one victim, one malware). The patterns at the attack-plan level are instead often similar.

As a matter of fact, zero-days are increasingly less important in everyday attack strategies and often not required at all (e.g.,

Therefore, the question is how to create a defence solution able to monitor the patterns in the attack plans automatically. This is still an open research topic.
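To make the preceding point concrete from the defender's side, here is an added example (not code from the DOGANA project or from the post's author) of what "monitoring the pattern at the attack-plan level rather than the technical level" can look like. It takes constructed telemetry in which each event has already been classified into one of the tactical stages listed above (reconnaissance of the target's digital shadow, personalised hook, landing site, payload) and matches targets against the ordered plan inside a time window, deliberately ignoring every technical indicator (sender domain, URL, hash). The stage labels, the window length and the `Event` schema are assumptions made for the example; the sample events are constructed, not real observations.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Tactical stages of the personality-based attack plan described in the post,
# in the order a defender would expect to observe them against one person.
# The stage names are labels chosen for this example (an assumption), not
# DOGANA terminology.
ATTACK_PLAN = ["recon", "hook", "landing", "payload"]


@dataclass(frozen=True)
class Event:
    ts: datetime
    target: str     # the person the activity is aimed at (e.g. mailbox owner)
    stage: str      # tactical stage assigned by whichever sensor saw it
    indicator: str  # technical detail (domain, URL, hash); never used for matching


def find_plan_chain(events: List[Event], plan: List[str],
                    window: timedelta) -> Optional[List[Event]]:
    """Return the first chronological chain of events that walks through every
    stage of `plan` in order within `window` of the chain's first event, or None."""
    ordered = sorted(events, key=lambda e: e.ts)
    for i, start in enumerate(ordered):
        if start.stage != plan[0]:
            continue
        chain, next_stage = [start], 1
        for ev in ordered[i + 1:]:
            if ev.ts - start.ts > window:
                break  # chain went stale; try the next candidate start
            if ev.stage == plan[next_stage]:
                chain.append(ev)
                next_stage += 1
                if next_stage == len(plan):
                    return chain
    return None


def match_attack_plan(events: List[Event], plan: List[str] = ATTACK_PLAN,
                      window: timedelta = timedelta(days=14)) -> Dict[str, List[Event]]:
    """Group events per target and report the targets whose activity matches
    the tactical pattern, regardless of the technical indicators involved."""
    per_target: Dict[str, List[Event]] = {}
    for ev in events:
        per_target.setdefault(ev.target, []).append(ev)
    hits: Dict[str, List[Event]] = {}
    for target, evs in per_target.items():
        chain = find_plan_chain(evs, plan, window)
        if chain is not None:
            hits[target] = chain
    return hits


def shared_indicators(hits: Dict[str, List[Event]]) -> set:
    """Indicators common to all matched chains. An empty set means the campaigns
    share no syntactic artefact, which is exactly what signature matching misses."""
    sets = [{ev.indicator for ev in chain} for chain in hits.values()]
    return set.intersection(*sets) if sets else set()


# Constructed sample telemetry (not real data). Two targets are hit by campaigns
# that share nothing at the technical level; the third shows benign ordering.
T0 = datetime(2018, 6, 1)
SAMPLE_EVENTS = [
    # alice: profile scraped, tailored mail, landing site visit, then payload
    Event(T0, "alice", "recon", "profile-scrape:example-social"),
    Event(T0 + timedelta(days=2), "alice", "hook", "sender:news@example-a.test"),
    Event(T0 + timedelta(days=2, hours=1), "alice", "landing", "url:example-a.test/login"),
    Event(T0 + timedelta(days=2, hours=2), "alice", "payload", "hash:constructed-a"),
    # bob: the same plan, entirely different indicators
    Event(T0 + timedelta(days=5), "bob", "recon", "profile-scrape:example-forum"),
    Event(T0 + timedelta(days=9), "bob", "hook", "sender:hr@example-b.test"),
    Event(T0 + timedelta(days=9, minutes=30), "bob", "landing", "url:example-b.test/doc"),
    Event(T0 + timedelta(days=10), "bob", "payload", "hash:constructed-b"),
    # carol: a site visit followed by a newsletter; no recon, no payload
    Event(T0 + timedelta(days=1), "carol", "landing", "url:example-c.test"),
    Event(T0 + timedelta(days=3), "carol", "hook", "sender:news@example-c.test"),
]


if __name__ == "__main__":
    hits = match_attack_plan(SAMPLE_EVENTS)
    for target, chain in hits.items():
        print(target, "->", " > ".join(ev.stage for ev in chain))
    print("indicators shared across matched campaigns:", shared_indicators(hits) or "none")
```

Run as written, the matcher flags alice and bob and reports no indicator shared between the two campaigns: a syntactic rule built from alice's sender domain or payload hash would not have caught bob, while the tactical sequence catches both. The hard part, which the code leaves to the sensors and which the post rightly calls an open research topic, is classifying raw events into those stages reliably enough that the window and ordering do not produce noise.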


by Enrico Frumento (CEFRIEL)


This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme, under grant agreement No. 653618




The DOGANA phishing videogame

Want to try it?
Read more here and contact us


Phishing: awareness through play

Want to try it?
Read more here and contact us


Contraband pixels and texts
Read all about our literary-graphic competition on phishing and social engineering

All the pictures and novels