Multi-Layered Social Engineering Defense Frameworks for High-Trust Financial Service Environments

Hilal H. Nuha

Authors

Hilal H. Nuha School of Computing, Telkom University Bandung, Indonesia Author

Keywords:

Social engineering, financial cybersecurity, defense framework, multi-layered security, human factors, phishing prevention

Abstract

Social engineering poses a serious threat to high-trust financial institutions, exploiting human vulnerabilities through sophisticated psychological manipulation. A multi-layered defense framework offers proactive measures by integrating technical, behavioral, and procedural barriers. This paper proposes a structured defense architecture suitable for the evolving threat landscape in financial services. We explore key components, assess current methodologies, and suggest robust models to minimize organizational risk. The framework is supported by empirical data and literature predating the current surge in hybrid cyber-attacks..

References

Mitnick, K. D., & Simon, W. L. (2002). The Art of Deception. Wiley, 1(1), 12–22.

Jagatic, T. N., Johnson, N. A., Jakobsson, M., & Menczer, F. (2007). Social Phishing. Commun. ACM, 50(10), 94–100.

Hadnagy, C. (2010). Social Engineering: The Art of Human Hacking. Wiley, 1(1), 29–33.

Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2013). Phishing for the Truth. Comput. Hum. Behav., 29(3), 1342–1353.

Albladi, S. M., & Weir, G. R. S. (2016). User Characteristics that Influence Judgment of Social Engineering Attacks. Hum.-Centric Comput. Inf. Sci., 6(1), 1–17.

Wright, R. T., & Marett, K. (2010). The Influence of Experiential and Dispositional Factors in Phishing. J. Manag. Inf. Syst., 27(1), 273–303.

Gajula, S. (2025). Cloud transformation in financial services: A strategic framework for hybrid adoption and business continuity. International Journal of Scientific Research in Computer Science, Engineering and Information Technology, 11(2), 1244–1254. https://doi.org/10.32628/CSEIT25112464

Workman, M. (2008). Wisecrackers: A Theory-Grounded Investigation of Phishing and Pretext Social Engineering Threats to Information Security. J. Am. Soc. Inf. Sci. Technol., 59(4), 662–674.

Herzberg, A., & Margulies, H. (2014). Preventing Phishing Attacks Using Site Signatures. Internet Res., 24(5), 536–551.

Gajula, S. (2025). Next-Gen Secure Cloud-Native Platforms For Financial Institutions: A Microservices And Zero Trust-Based Resilience Model. Journal of International Crisis and Risk Communication Research , 280–287. https://doi.org/10.63278/jicrcr.vi.3355

Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L. F., & Downs, J. (2010). Who Falls for Phish? Commun. ACM, 53(3), 74–80.

Gupta, B. B., Tewari, A., Jain, A. K., & Agrawal, D. P. (2017). Fighting Against Phishing Attacks: State of the Art and Future Challenges. Neural Comput. Appl., 28(12), 3629–3654.

Gajula, S.(2025).Cybersecurity in Supply Chain Management: Role of Identity and Access Management, Zero Trust, and Blockchain. Asian Journal of Computer Science Engineering (AJCSE),10(2), pp.1–11

Peltier, T. R. (2006). Social Engineering: Concepts and Solutions. Inf. Secur. Tech. Rep., 11(3), 192–198.

Furnell, S., & Warren, M. (1999). Computer Hacking and Cyber Terrorism: The Real Threats in the New Millennium? Comput. Secur., 18(1), 28–34.

Sreenivasulu Gajula. (2025). AI-Driven Compliance Automation in Banking: A Hybrid Model Integrating Natural Language Processing and Knowledge Graphs. International Journal of Computational and Experimental Science and Engineering, 11(4). https://doi.org/10.22399/ijcesen.4174

Gragg, D. (2003). A Multi-Level Defense Against Social Engineering. SANS Reading Room, 2(1), 1–12.

Bullee, J.-W., Montoya, L., Pieters, W., Junger, M., & Hartel, P. (2015). On the Performance of Deterrence Arrangements Against Social Engineering Attacks. Comput. Secur., 52(1), 43–57.

Gajula, S. (2025). Federated intelligence in financial ecosystems: A privacy-preserving AI framework for cross-border risk analysis. Journal of Information Systems Engineering and Management, 10(60s), 1040–1048. https://doi.org/10.52783/jisem.v10i60s.13261

Karakasiliotis, A., & Furnell, S. (2012). A Study of Users’ Perceptions of Security Indicators on Websites. Inf. Manag. Comput. Secur., 20(1), 29–46.