User:Ayjayym/Evaluate an Article

Which article are you evaluating?
Social engineering (security)

Why you have chosen this article to evaluate?
Its directly related to my dissertation. It will the method of attack being studied.

Evaluate the article
Lead Section

Lead section presents a good definition of social engineering and sets the stage for the article. However, the article references a study in 2020 of how social engineering will be a prominent challenge for the upcoming decade. This is an outdated comment and there is newer information available (e.g. the annual Verizon Data Breach Investigations Report) that highlight the current threat from social engineering and its direct impact on cybercrime. Also, the lead section cites an article published in 2019 about the threats from social engineering. A decent article but the lead section could be made stronger citing newer and more relevant sources of information.

Content

Overall, the article is decent but could use a more detailed explanation of social engineering tactics. The sub sections that lists “the pretexting of telephone records” law has little relevance to the article of social engineering. A pre-text is a ruse created specifically for a target. That law has little to no relevance to social engineering. If there is one, a better explanation is needed, but likely that paragraph can be deleted altogether. Most of the information about phone records is also irrelevant to social engineering as a method of gathering information. If phone records are freely available on the internet there is no need to social engineer access.

The ”other concepts” section should address social engineering tactics and techniques. The examples provided, although interesting, are only a small subset of how social engineers approach targets. One particular mention was the “water holing” attack that capitalizes on a user’s trust of a website. That attack leverages social engineering principles (human tendency to trust) but it is not a social engineering attack. That distinction should be made, and the explanation should instead of why human trust is exploited through social engineering.

Tone and Balance

The article tone is neutral and attempts to present factual information. However, for any expert in this field it is evident the writer does not have a social engineering background. Too much balance for instance is placed on telephone records which as previously addressed have nothing to do with social engineering tactics. Phone records are useful, but if the information is already public there is no need to social engineer access. The article briefly speaks about social engineering tactics, does not cover them in depth, then most of the article covers irrelevant topics.

Sources and References

The sources used for the article are outdated. Based on what is presented in the article the references are appropriate but once again, the information presented in the article is not necessarily relevant to social engineering. An update to the article can leverage multiple references that are more applicable and newer. Several of the sources in this article also show “retrieved” dates in 2012 indicating large sections of this article are based on information that is no longer relevant.

Organization and Writing Quality

Because there are multiple sections that are irrelevant to the subject in question, the organization is not relevant. The quality as a result also suffers since the topics addressed are not really relevant or contribute little to the article. The last section for instance discusses “Law” yet it does not specify whether social engineering is a lawful act or not. Several of the cases presented in the law section could potentially be relevant to the article but there is no explanation of how those instances are related to social engineering.

Overall Impressions

The article Is outdated and uses information that is no longer relevant to social engineering. Several sections are unrelated to the topic and could be deleted or drastically improved upon. The references are outdated and the section for future reading suggests old articles. One of authors both referenced as a notable social engineer and his book recommended in the further reading section, has a newer and better book on social engineering. This same author has made public comments that his previous work was not great. All signs that highlight that this article is a good start to explain social engineering but is severely lacking information to explain the topic. This article should be re-written to include up to date information, actual social engineering tactics, and relevant sources.