Social engineering (SE) attacks remain a significant threat to both individuals and organizations. The advancement of Artificial Intelligence (AI), including diffusion models and large language models (LLMs), has potentially intensified these threats by enabling more personalized and convincing attacks. This survey paper categorizes SE attack mechanisms, analyzes their evolution, and explores methods for measuring these threats. It highlights the challenges in raising awareness about the risks of AI-enhanced SE attacks and offers insights into developing proactive and adaptable defense strategies. Additionally, we introduce a categorization of the evolving nature of AI-powered social engineering attacks into "3E phases": Enlarging, wherein the magnitude of attacks expands through the leverage of digital media; Enriching, introducing novel attack vectors and techniques; and Emerging, signifying the advent of novel threats and methods. Moreover, we emphasize the necessity for a robust framework to assess the risk of AI-powered SE attacks. By identifying and addressing gaps in existing research, we aim to guide future studies and encourage the development of more effective defenses against the growing threat of AI-powered social engineering.