Phishing and social engineering in Cybersecurity - Time & Space Complexity
We want to understand how the effort to carry out phishing and social engineering attacks grows as the number of targets increases.
How does the time and work needed change when attackers try to reach more people?
Analyze the time complexity of the following attack process.
```
for each target in target_list:
    gather personal info about target
    craft a fake message tailored to target
    send the fake message
    wait for response
    if response is positive:
        attempt to extract sensitive data
    else:
        move to next target
```
This code simulates how an attacker tries phishing on multiple people, customizing messages and handling replies.
Look at what repeats as the attacker tries to reach many targets.
- Primary operation: Looping through each target to send a phishing message.
- How many times: Once for every person in the target list.
As the number of targets grows, the total work grows too.
| Input Size (n) | Approx. Operations |
|---|---|
| 10 | About 10 message attempts |
| 100 | About 100 message attempts |
| 1000 | About 1000 message attempts |
Pattern observation: The work grows directly with the number of targets; doubling targets doubles the effort.
Time Complexity: O(n)
This means the time needed grows in a straight line with the number of people targeted.
[X] Wrong: "Phishing attacks take the same time no matter how many people are targeted."
[OK] Correct: Each new target requires separate effort to gather info, craft messages, and wait for replies, so more targets mean more time.
Understanding how attack effort grows helps you think like a defender or attacker, a useful skill in cybersecurity roles.
"What if the attacker automated message crafting and sending? How would that change the time complexity?"