
Dissertations / Theses on the topic 'Social engineering attacks'

Consult the top 29 dissertations / theses for your research on the topic 'Social engineering attacks.'

1

Cerovic, Lazar. "Identifying Resilience Against Social Engineering Attacks." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-280131.

Abstract:
Social engineering (SE) attacks are among the most common cyber attacks and frauds, and they cause large economic damage to individuals, companies and governments alike. The attacks are hard to protect against, since SE attacks are based on exploiting human weaknesses. The goal of this study is to identify indicators of resilience against SE attacks from individual computer space data, such as network settings, social media profiles, web browsing behaviour and more. This study is based on qualitative methods to collect information and to analyse and evaluate data. Resilience is evaluated with models such as the theory of planned behaviour and the big five personality traits, as well as personal and demographic information. Indicators of resilience were found in network settings such as service set identifiers (SSID) and routers, web history, social media use and more. The framework developed in this study could be expanded with more aspects of individual data and different evaluation criteria. Further studies can be done on this subject with tools such as artificial intelligence and machine learning.
Social engineering attacks are among the most common cyber attacks and frauds, causing enormous economic damage every year to individuals, companies and government agencies. These attacks are hard to protect against because social engineering exploits human weaknesses as a means of stealing money or information. The goal of the study is to identify indicators of resistance to social engineering attacks, which is to be done using individual data, which may consist of network settings, social media profiles and web activity, among other things. This study is based on qualitative methods for collecting, analysing and evaluating data. Resistance to social engineering is evaluated using relevant theories and models concerning behaviour and personality, and personal and demographic information is also used in the evaluation. The indicators identified included router settings, web history and social media use. The theoretical framework developed to evaluate resistance to social engineering attacks can be extended with more aspects of individual data. Important societal events and contexts may be an interesting factor related to the subject. Future studies could combine this framework with techniques such as machine learning and artificial intelligence.
2

Jansson, Kenny. "A model for cultivating resistance to social engineering attacks." Thesis, Nelson Mandela Metropolitan University, 2011. http://hdl.handle.net/10948/1588.

Abstract:
The human being is commonly considered as being the weakest link in information security. Subsequently, as information is one of the most critical assets in an organization today, it is essential that the human element is considered in deployments of information security countermeasures. However, the human element is often neglected in this regard. Consequently, many criminals are now targeting the user directly to obtain sensitive information instead of spending days or even months trying to hack through systems. Some criminals are targeting users by utilizing various social engineering techniques to deceive the user into disclosing information. For this reason, the users of the Internet and ICT-related technologies are nowadays very vulnerable to various social engineering attacks. As a contribution to increase users’ social engineering awareness, a model – called SERUM – was devised. SERUM aims to cultivate social engineering resistance within a community through exposing the users of the community to ‘fake’ social engineering attacks. The users that react incorrectly to these attacks are instantly notified and requested to participate in an online social engineering awareness program. Thus, users are educated on-demand. The model was implemented as a software system and was utilized to conduct a phishing exercise on all the students of the Nelson Mandela Metropolitan University. The aim of the phishing exercise was to determine whether SERUM is effective in cultivating social engineering resistant behaviour within a community. This phishing exercise proved to be successful and positive results emanated. This indicated that a model like SERUM can indeed be used to educate users regarding phishing attacks.
3

Rocha, Flores Waldo. "Shaping information security behaviors related to social engineering attacks." Doctoral thesis, KTH, Elkraftteknik, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-186113.

Abstract:
Today, few companies would manage to continuously stay competitive without the proper utilization of information technology (IT). This has increased companies’ dependency on IT and created new threats that need to be addressed to mitigate risks to daily business operations. A large proportion of these IT-related threats involves hackers attempting to gain unauthorized access to internal computer networks by exploiting vulnerabilities in the behaviors of employees. A common way to exploit human vulnerabilities is to deceive and manipulate employees through the use of social engineering. Although researchers have attempted to understand social engineering, there is a lack of empirical research capturing multilevel factors explaining what drives employees’ existing behaviors and how these behaviors can be improved. This is addressed in this thesis. The contribution of this thesis includes (i) an instrument to measure security behaviors and their multilevel determinants, (ii) identification of multilevel variables that significantly influence employees’ intent for behavior change, (iii) identification of which behavioral governance factors lay the foundation for behavior change, (iv) identification that national culture has a significant effect on how organizations cope with behavioral information security threats, and (v) a strategy to ensure adequate information security behaviors throughout an organization. This thesis is a composite thesis of eight papers. Paper 1 describes the instrument measuring multilevel determinants. Papers 2 and 3 describe how security knowledge is established in organizations, and the effect on employee information security awareness. In Paper 4 the root cause of employees’ intention to change their behaviors and resist social engineering is described. Papers 5 and 8 describe how the instrument to measure social engineering security behaviors was developed and validated through scenario-based surveys and phishing experiments. Papers 6 and 7 describe experiments performed to understand the reasons why employees fall for social engineering. Finally, papers 2, 5 and 6 examine the moderating effect of national culture.

QC 20160503

4

Nohlberg, Marcus. "Securing Information Assets : Understanding, Measuring and Protecting against Social Engineering Attacks." Doctoral thesis, Kista : Department of Computer and Systems Sciences (together with KTH), Stockholm University, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:su:diva-8379.

5

Carlander-Reuterfelt, Gallo Matias. "Estimating human resilience to social engineering attacks through computer configuration data : A literature study on the state of social engineering vulnerabilities." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-277921.

Abstract:
Social engineering as a method of attack is increasingly becoming a problem for both corporations and individuals. From identity theft to enormous financial losses, this form of attack is notorious for affecting complex structures, yet often being very simple in its form. Whereas for other forms of cyber-attack, tools like antivirus and antimalware are now industry standard and have proven to be reliable ways to keep private and confidential data safe, there is no such equivalent for social engineering attacks. There is not, as of this day, a trustworthy and precise way of estimating resilience to these attacks while still keeping the private data private. The purpose of this report is to compile the different aspects of a user's computer data that have been proven to be significantly indicative of their susceptibility to these kinds of attacks and, with them, devise a system that can, with some degree of precision, estimate the resilience to social engineering of the user. This report is a literature study on the topic of social engineering and how it relates to computer program data, configuration and personality. The different phases of research each led to a more comprehensive way of linking the different pieces of data together and devising a rudimentary way of estimating human resilience to social engineering through the observation of a few configuration aspects. For the purposes of this report, the data had to be reasonably accessible, respect privacy, and be something that can be easily extrapolated from one user to another. Based on findings ranging from psychological data and behavioral patterns to network configurations, we conclude that, even though there is data that supports the possibility of estimating resilience, there is, as of this day, no empirically proven way of doing so in a precise manner. An estimation model is provided by the end of the report, but the limitations of this project did not allow for an experiment to prove its validity beyond the theories it is based upon.
Social engineering as an attack method has become a growing problem for both companies and individuals. From identity theft to enormous financial losses, this form of attack is known for being able to affect complex systems, yet is often very simple in its form. While other types of cyber attack can be guarded against with tools such as antivirus and antimalware, which reliably keep private and confidential information secure, there are no equivalent tools for protecting against social engineering attacks. There is thus, as of today, no reliable and secure way to withstand social engineering attacks and protect personal information and private data. The purpose of this report is to show the different aspects of how computer users' data is vulnerable to these types of attack, and with them to design a system that can, with some degree of precision, measure resilience to social engineering. The report is the result of a study of the literature on social engineering and how it relates to computer data, configuration and personal information. Each of the different parts of the investigation leads to a more comprehensive way of linking the different pieces of data together and designing a rudimentary way of estimating a person's resilience to social engineering, by observing different aspects of the computer's configuration. For the purposes of the report, the data has been reasonably accessible, has respected privacy, and has been something that can easily be adapted from one user to another. Based on the observations of psychological data, behavioural patterns and network configurations, we can conclude that even though there is data that supports the possibility of estimating resilience, there is today no empirically proven way of doing so precisely. An example model for estimating resilience is given at the end of the report. The scope of this project did not make it possible to carry out a practical experiment to validate the theories.
6

Persson, Anders. "Exploring Phishing Attacks and Countermeasures." Thesis, Blekinge Tekniska Högskola, Avdelningen för interaktion och systemdesign, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3620.

Abstract:
Online banking and e-commerce applications have good protection against attacks directed directly towards their computer systems. Attackers have taken this into account and instead use “social engineering” attacks, such as phishing, to gain access to the information inside [1] [15] [21]. Phishing is a growing problem that many different companies are trying to develop a working protection against. The number of new phishing sites per month increased by 1363 % between January 2005 and October 2006, from 2560 to 37 444 attacks [3] [2]. Today there are several different antiphishing applications as well as implemented methods to prevent attacks, but it’s not certain that they give enough protection. In this paper we plan to investigate the concept of phishing to better understand the threat it poses. We will analyse 252 different phishing attacks and examine a number of existing antiphishing applications to see if there are possibilities to improve the different protection methods and the accuracy of such tools.
7

Nordgren, Daniella. "Phishing attacks targeting hospitals : A study over phishing knowledge at Blekingesjukhuset." Thesis, Blekinge Tekniska Högskola, Institutionen för datalogi och datorsystemteknik, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-16681.

Abstract:
Context. Phishing emails are a type of computer attack that targets users and tries to trick them into giving out personal information, following shady links or downloading malicious attachments. Phishing is often closely linked to ransomware, which is a type of attack that locks a user's computer and asks for a ransom in order to give access back. Ransomware viruses often contaminate a computer through a phishing email. Hospitals are a growing target for these types of attacks because of their need to be able to access their systems at all times. Objectives. This study intends to research the phishing knowledge among employees at Blekingesjukhuset and whether Blekingesjukhuset is at risk of falling victim to a ransomware attack through a phishing email opened by an employee. Methods. This is researched by reading relevant literature and through a survey sent out to employees at Blekingesjukhuset regarding their phishing knowledge. Results. The results show that the participants of the survey were overall unsure of how to detect phishing emails and thought that knowledge about the subject is necessary. Conclusions. The conclusion was made that the employees did not know what to look for in order to determine whether an email is a phishing email or not. Based on this information the conclusion can be made that there does exist a risk of Blekingesjukhuset falling victim to a ransomware attack through a phishing email unintentionally opened by an employee.
8

Yelne, Samir. "Measures of User Interactions, Conversations, and Attacks in a Crowdsourced Platform Offering Emotional Support." Wright State University / OhioLINK, 2016. http://rave.ohiolink.edu/etdc/view?acc_num=wright1482330888961028.

9

Salem, Omran S. A. "An Integrated Intelligent Approach to Enhance the Security Control of IT Systems. A Proactive Approach to Security Control Using Artificial Fuzzy Logic to Strengthen the Authentication Process and Reduce the Risk of Phishing." Thesis, University of Bradford, 2012. http://hdl.handle.net/10454/14863.

Abstract:
Hacking of information systems is continuously on the increase. Social engineering attacks are performed by manipulating the weakest link in the security chain: people. Consequently, this type of attack has gained a higher rate of success than a technical attack. Based on Expert Systems, this study proposes a proactive and integrated Intelligent Social Engineering Security Model to mitigate the human risk and reduce the impact of social engineering attacks. Many computer users do not have enough security knowledge to be able to select a strong password for their authentication. The author has attempted to implement a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is being developed to evaluate password strength; it measures the password strength based on dictionary attack, time to crack and shoulder surfing attack (social engineering). A comparative study of existing tools used by major companies such as Microsoft, Google, CertainKey, Yahoo and Facebook is used to validate the proposed model and tool. A comprehensive literature survey and an analytical study performed on phishing emails representing social engineering attacks that are directly related to financial fraud are presented and compared with other security threats. This research proposes a novel approach that successfully addresses social engineering attacks. Another intelligent tool is developed to discover phishing messages and provide educational feedback to the user, focusing on the visible part of the incoming emails, considering the email’s source code and providing in-line security awareness feedback.
10

Forde, Edward Steven. "Security Strategies for Hosting Sensitive Information in the Commercial Cloud." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/3604.

Abstract:
IT experts often struggle to find strategies to secure data on the cloud. Although current security standards might provide cloud compliance, they fail to offer guarantees of security assurance. The purpose of this qualitative case study was to explore the strategies used by IT security managers to host sensitive information in the commercial cloud. The study's population consisted of information security managers from a government agency in the eastern region of the United States. The routine active theory, developed by Cohen and Felson, was used as the conceptual framework for the study. The data collection process included IT security manager interviews (n = 7), organizational documents and procedures (n = 14), and direct observation of a training meeting (n = 35). Data collected from organizational data and observational data were summarized. Coding from the interviews and member checking were triangulated with organizational documents and observational data/field notes to produce major and minor themes. Through methodological triangulation, 5 major themes emerged from the data analysis: avoiding social engineering vulnerabilities, avoiding weak encryption, maintaining customer trust, training to create a cloud security culture, and developing sufficient policies. The findings of this study may benefit information security managers by enhancing their information security practices to better protect their organization's information that is stored in the commercial cloud. Improved information security practices may contribute to social change by providing customers a lesser amount of risk of having their identity or data stolen by internal and external thieves.
11

Lindgren, Felix, Oscar Thorslund, and Malin Torstensson. "Vem har högst säkerhetsmedvetenhet? En kvantitativ studie om Social Engineering-attacker och människor på Internet." Thesis, Örebro universitet, Handelshögskolan vid Örebro Universitet, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:oru:diva-56966.

12

Ödman, Alina. "Moderna sociala manipuleringsangrepp : En kvalitativ intervjustudie med penetrationstestare." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-17303.

Abstract:
Today's society is characterised by growing digitalisation. Information flows in every direction; it is constantly processed, stored and communicated. Nowadays systems can be built to be fairly secure, but as soon as a human is placed behind the keyboard a substantial vulnerability is introduced, putting our information at risk of ending up in the wrong hands. SE (social engineering) is the art of using social interaction as a means of gaining access to sensitive information, whether this requires a technical system or persuasion. This is a qualitative interview study that attempts to describe how penetration testers view and work with/against SE. The study interprets penetration testers' perspectives on today's social engineering attacks, how they work with them, and what we as individuals can do to protect ourselves. The conclusions from the study's sub-questions help answer the study's research question, “How do penetration testers view today's SE?” The study shows that the majority of respondents agree on what SE looks like today. The conclusion shows that “phishing” is one of the most common forms of attack today, both as a trend and in work-related contexts. The study also described “why social engineers often succeed in their attacks”, which showed that the psychological aspect is one of the most important areas for improvement within SE. Finally, the respondents described important protective measures that can be applied by both organisations and private individuals.
Our modern world is filled with information everywhere. Information is constantly processed, stored and communicated. However, we all know that information usually has some value; therefore, we build secure and complex systems, which are packed with data. Valuable data. Then we put humans behind those systems and introduce a huge vulnerability, and by that we are risking our data falling into the wrong hands. Social engineering is used to deceive people and make them give up sensitive information. This qualitative interview study will attempt to disclose the perception of social engineering from people who perform penetration-testing services. The results of the study show that participants are partially decided in their view of social engineering. They almost all agree that “phishing” is a common attack in both internet occurrences and in work-related matters. Furthermore, the conclusion shows that the psychological aspect of social engineering is an important improvement area. Lastly, the participants explain several preventative actions, which can be used by organizations and by individuals to minimize the risk of exposure to social engineering.
13

Johansson, Stina. "Utvecklingen utav social manipulering : En kartläggande granskning av säkerhetsåtgärder 2008 kontra 2018." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-17218.

Abstract:
Social engineers possess the ability to use social interaction as a means of persuading an individual or organisation to consent to a specific request. The aim is to achieve a goal such as financial gain, unauthorised access or service disruption. A social engineering attack is brought about by underlying processes and involves a computer-related device for the social interaction, for the persuasion to consent, or for the engineer's request. The purpose of the work was to map security measures against social engineering attacks and thereby express a development of the field over time. In other words, the result was expected to express a maturity within the field and contribute increased insight into how attacks can be tackled, in a way that reflects the times, within administrative and technical security. A mapping review was carried out on a selection from three databases: IEEE Xplore Digital Library, Springer Link and DBLP Computer Science Bibliography. Studies were assigned primary and secondary categories through a coding process in order to support a narrative analysis. Four primary categories of security measures emerged: modelling, vulnerability assessment, computer systems and (in)direct education. The search strategy and assessment process yielded an included data set of 28 studies in total. Security measures against social engineering from 2008 were represented by five studies: one proposed modelling, three proposed computer systems and one proposed (in)direct education. Security measures from 2018 were represented by 23 studies: four proposed modelling, two proposed vulnerability assessment, nine proposed computer systems and eight proposed (in)direct education. The coding process also gave rise to secondary categories; all categories gave a dynamic reflection of security measures against social engineering in 2008 versus 2018. Four of five studies from 2008 defined social engineering without theoretical explanations of the underlying processes of an attack, as did 13 of 23 studies from 2018. The analysis led to the insight that future research needs to strive for a holistic view of the underlying processes that bring about a social engineering attack; in this way, increased security awareness and resistance to social engineering can be achieved.
Social engineers possess the ability to use social interaction as a means of convincing an individual or organization to consent to a specific request. The purpose is to achieve a goal in the form of, for example, financial gain, unauthorized access or service interruption. A social engineering attack is caused by underlying processes and includes a computer-related device for either the social interaction, for the persuasion to consent or for the social engineer's request. The purpose of the thesis was to map security measures against social engineering attacks and thus express the development of the area over time. In other words, the result was expected to express a maturity in the area and contribute with increased insights into how attacks in a timely manner can be tackled in administrative and technical security. A survey was conducted based on a selection based on the three databases: IEEE Xplore Digital Library, Springer Link and DBLP Computer Science Bibliography. Studies were primary and secondary categorized based on a coding process in order to support a narrative analysis. Four primary categories of security measures occurred: modelling, vulnerability assessment, computer systems and (in)direct education. Search strategy and assessment process provided an included data set of a total of 28 studies. Security measures against social manipulation from 2008 were represented by five studies: one proposed modeling, three suggested computer systems and one suggested (in)direct education. Security measures from 2018 were represented by 23 studies: four proposed modeling, two suggested vulnerability assessment, nine proposed computer systems and eight suggested (in)direct education. The coding process also gave rise to secondary categories - all categories were given a dynamic reflection of security measures against social manipulation 2008 versus 2018. Four out of five studies from 2008 defined social manipulation with the absence of theoretical explanations for underlying processes for an attack - and 13 of 23 studies from 2018. The analysis resulted in insights that future research needs to strive for a holistic approach to the underlying processes that cause a social manipulation attack - in this way increased security awareness and resistance to social engineering can be achieved.
14

Tan, Enhua. "Spam Analysis and Detection for User Generated Content in Online Social Networks." The Ohio State University, 2013. http://rave.ohiolink.edu/etdc/view?acc_num=osu1365520334.

15

Ahmed, Olfet, and Nawar Saman. "Utvärdering av nätverkssäkerheten på J Bil AB." Thesis, KTH, Data- och elektroteknik, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-123403.

Abstract:
This degree project is an evaluation of the network security at J BiL AB, at both the social and the technical level. The company depends on secure Internet connections to reach external services and internal servers located at different geographical sites. The company has no IT manager who actively maintains and monitors the network, and instead consults an external computer company. The purpose of the degree project is to evaluate the security, discover shortcomings, suggest improvements and, to some extent, implement solutions. To examine the security, observations of and interviews with the staff were carried out and several attacks against the network were performed. From the data collected it could be concluded that the company has shortcomings in IT security. The social security in particular proved to have large gaps, largely because the employees have neither been trained nor received any information on how to handle passwords, computers and IT matters in general. Suggestions for improvement have been given and some implementation has been carried out to eliminate the shortcomings. With the help of an IT policy and a lecture, the employees have also been trained in how to act and think about IT-related security issues.
The aim of this project is to evaluate the network security at J Bil AB. The focus will be on both social and technical issues. For the employees to be able to connect to remote servers and external services and perform their daily work tasks, secure connections are needed. J Bil AB has no IT manager who actively maintains and monitors the network; rather, they consult a computer company when changes and implementations are required. The project's goal is to identify gaps, come up with suggestions for improvement and to some extent implement solutions. To do this, an observation of the employees has been made, an interview has been held, and several attacks on the network have been performed. Based on the data collected, it was concluded that the company has shortcomings in IT security. Above all, the social security appeared to have major gaps in it, and that is mainly because of the lack of knowledge among the employees, who have never been informed of how to manage their passwords, computers and IT issues in general. Suggestions for improvement have been given and some implementations have been performed to eliminate the deficiencies.
16

Minglu Li. "ENVIRONMENTAL FACTORS AFFECT SOCIAL ENGINEERING ATTACKS." Thesis, 2021.

Abstract:

Social engineering attacks can have serious consequences when it comes to information security. A social engineering attack aims at sensitive personal information by using personality weaknesses and manipulation techniques. Because the user is often seen as the weakest link, techniques like phishing, baiting, vishing, and deception are used to glean important personal information successfully. This article will analyze the relationship between the environment and social engineering attacks. The data consists of 516 people taking a survey. When it comes to discovering the relationship, there are two parts to the analysis. One is a high-dimensional analysis using multiple algorithms to find a connection between the environment and people’s behavior. The other uses a text analysis algorithm to study the pattern of survey questions, which can help discover why certain people have the same tendency in the same scenario. After combining these two, we might show how people have different reactions when dealing with social engineering attacks due to environmental factors.

17

Chen, Ming-Yen, and 陳銘言. "Analysis of User Behavioral Patterns of Social Engineering Email Attacks." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/65478280711994716783.

Abstract:
Master's degree
Fu Jen Catholic University
Department of Information Management
97
Due to serious social engineering email attacks, a domestic unit, through education and training with simulated e-mail attacks and social engineering email attack drills, tries to raise the awareness of the organization's e-mail users in order to reduce the success rate of social engineering email attacks. With the evolution of society and changes in hacker attacks, the question is how to make exercises much closer to actual attack practices; this study simulated real attack situations so that the drills are not merely formality exercises. In this research, we analyzed the psychological vulnerabilities in social engineering e-mail attack drills with the help of experts. This research used the outcome information of social engineering exercises to perform association rule analysis on e-mail types and types of vulnerability in order to analyze the association with potential acts of users. Through this study, we can understand the factors that affect e-mail users under the threat of social engineering attacks. The goal of this research is to enable users to avoid social engineering attacks. It can also enable users to better understand the attack methods, so that their alertness to e-mail social engineering attacks is enhanced. In the results of this research, we discover 14 user behavior characteristics and, through the characteristic rules, develop eight kinds of attack patterns for different situations so that the drills can continually improve e-mail content and techniques.
18

Nien, Ching-hsuan, and 粘敬宣. "The Impact of Social Engineering Attacks on Competent Students in Information Management." Thesis, 2012. http://ndltd.ncl.edu.tw/handle/74955131683232313447.

Abstract:
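Master's degree
National Kaohsiung First University of Science and Technology
Graduate Institute of Information Management
100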
In the age of information explosion, information security has been an issue for every information system user. Generally, organizations employ anti-attack software to defend against hostile attacks by unknown hackers. However, hackers are not only capable in coding techniques for hostile software, but also use social skills such as oral communication, lures, counterfeit identity, greed, and punishment avoidance to defraud users or phish their personal and confidential information. This study focuses on one social engineering technique, termed phishing, in which well-developed email-based or Web-based scenarios are used to defraud users of confidential information. In this study, an e-mail with social engineering warning signs attached is distributed unexpectedly to students with information majors, who are supposed to be capable of dealing with information security issues, to see whether they would be defrauded. Thus, the experimental units are students enrolled in the department of information management in a university. In this study, the experimental students were asked to fill out personal information in the questionnaires attached to the e-mail with the cautionary headline. After collecting the reply e-mails, we found the following: 1. Initially, e-mails with warning signs do not significantly prevent social engineering attacks on target students who are information majors. 2. It is assumed that senior students (juniors and seniors) should have more information literacy than junior experimenters (freshmen and sophomores) do. In this experiment, the assumption is confirmed. Senior students could effectively identify social engineering attacks, and provided no personal information. 3. Students who have been defrauded by social engineering before have a lower chance (less than 50%) of being defrauded again by similar social engineering attacks. Finally, how to avoid and prevent social engineering attacks in e-mails has been explored and analyzed. Alternatives for avoiding social engineering attacks are also suggested.
19

Chen, Wen Chu, and 朱震文. "The Association between Social Engineering attacks and Employee Background: An Example of C Petroleum Company." Thesis, 2016. http://ndltd.ncl.edu.tw/handle/qd5he6.

Abstract:
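Master's degree
National Taipei University of Technology
College of Management, EMBA Program in Information and Finance Management
104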
A social engineering attack exploits human weakness: if employees lack information security knowledge, it is easy for hackers to bypass the protection of computer security systems and get at business security by phone conversation, e-mail, or a counterfeit personal identity, resulting in serious business disruption or loss. This research used data mining to find the association rules between social engineering attacks and employee background. This study took a petroleum company, C, as an example and collected drill results as the basis of analysis. After data collection was complete, the WEKA tools were used for analysis. We found a significant effect between employee background and e-mail social engineering attacks. Results indicate that for employees with seniority between 15-30 years, aged 55 or older, the opportunity for a successful social engineering attack is relatively high, and that message subjects about new technology or published books more easily induce clicks. Through this thesis, we provide suggestions to help the organization's people raise awareness in order to reduce the risk of social engineering attacks.
20

Jansen, van Rensburg Shandre Kim. "The human in information security : an analysis of social engineering attacks in the greater Tshwane area of Gauteng, South Africa." Thesis, 2017. http://hdl.handle.net/10500/22646.

21

Lin, Wei-kuo, and 林維國. "A Study of Government Agencies in Social Engineering Exercise Based on Attacks from Malicious Email Samples:The Case of A Agency." Thesis, 2012. http://ndltd.ncl.edu.tw/handle/07637738153212041969.

Abstract:
Master's degree
National Central University
Department of Information Management, In-service Master's Program
100
In recent years, information and communication technology (ICT) has developed rapidly in Taiwan. However, information security incidents emerge endlessly. Observation of past incidents in general indicates that not only are private enterprises easily invaded by hackers, but government organizations are also victims of "targeted attacks." The main purpose of this kind of attack is stealing sensitive data, not by traditional ways of hacking but by attacking weaknesses in human nature combined with "social engineering." It utilizes zero-day attacks, in connection with weak aspects of human nature, by skillfully attaching malicious files to e-mail and sending them to targeted e-mail boxes. When government users are lured to check out the malicious files, they will lose command ability and hackers can successfully achieve the purpose of gradually infiltrating government organizations. This study took a particular government agency, A, as an example and collected 173 malicious e-mail samples (new/unknown malicious e-mail at the time of attack) that the agency suffered in 2011 as the basis of analysis. The study, through research design and two analytical processes, extracted deep information, analyzed the information with association rules, and found the attack patterns and characteristics. Furthermore, the study compared the findings with malicious e-mail social engineering exercises in order to improve social engineering exercises and management of malicious e-mail attacks. This study found that A agency was attacked by targeted attacks that conformed with the characteristics of advanced persistent penetration attacks (APT), and most attacks were malicious e-mail social engineering attacks. Facing such attacks, this study suggested A agency should improve its drill program for preventing malicious electronic social engineering attacks; in addition, the study suggests that the agency carefully inspect its "officers" and "the computers used by the officers" and proposes the active defense concept, MFAR (Monitor, Forensics, Analysis, Record), in order to reduce the opportunities for successful invasion.
22

Van, Rensburg Kim Shandre Jansen. "The human element in information security : an analysis of social engineering attacks in the greater Tshwane area of Gauteng, South Africa." Thesis, 2017. http://hdl.handle.net/10500/22681.

23

Lee, Chun-Cheng, and 李俊成. "Research on the Relationship between Personality Traits and Email Social Engineering Attacks-A Case Study of A Department of Ministry of National Defense." Thesis, 2015. http://ndltd.ncl.edu.tw/handle/e4uv6q.

Abstract:
Master's degree
Vanung University
Graduate Institute of Information Management, In-service Program
103
Network technology is well developed today, letting us explore the world faster and making the flow of information easier. However, information and communication security has suffered failures, especially in recent years, as hackers have focused on e-mail social engineering attacks. Such attacks are often difficult to deal with and cause significant losses. So among the information security industry's protection solutions, assessing the risk of the "person" under attack is important work, but studies are rare. Our research examines the relationship between personality traits and e-mail social engineering attacks. First, we fully explore the literature and discuss existing research methods in information security and social engineering. Then, based on the FFM (the Five Factor Model) of psychology, we sent 400 questionnaires to a department of the Ministry of National Defense, and studied a social engineering exercise system that uses the typical social engineering classification of e-mail attacks. After data collection was complete, we used the SPSS and SmartPLS tools for analysis. We found a significant effect between personality traits and e-mail social engineering attacks. In addition, the results could help academics understand the relationship between personality traits and e-mail social engineering attacks. We can recommend and evaluate information security education and training, as well as security-related hardware, software and support measures, to build on practice in order to prevent hacking and mitigate risk. We can recommend and evaluate information security education and training programs and support the building of information security-related hardware and software on practical measures for the prevention and mitigation of the risk of being hacked.
24

Silva, Francisco José Albino Faria Castro e. "Classificação taxonómica dos ataques de Engenharia Social : caracterização da problemática da segurança de informação em Portugal relativamente à Engenharia Social." Master's thesis, 2013. http://hdl.handle.net/10400.14/15690.

Abstract:
Nowadays, information is a resource of vital importance. Needing to protect this asset, companies implement mechanisms intended to guarantee the integrity, confidentiality and availability of information. Given the difficulty of getting past technological security barriers, attacks have increasingly been directed at the human element: mainly the user, although technical staff may also be targeted. Attackers achieve their objectives by applying techniques and exploiting human vulnerabilities, among them naivety, curiosity and trust. Given the relevance of the problem, this work therefore aims to:
- identify the level of knowledge of users and IT managers regarding the problem of social engineering in Portugal,
- identify the security measures adopted,
- identify the most used techniques,
- identify the main objective of the attacks,
- identify the concern with training,
- present a new classification of social engineering attacks.
The investigation involved 393 users who frequent social networks and 41 people responsible for information systems. In pursuit of the objectives, the responses to the questionnaires were analysed. Data analysis revealed:
- that the level of knowledge about the problem of social engineering is low;
- regarding security measures, that installing antivirus software and using a firewall are the most applied;
- regarding attack techniques, that phishing and spam mail are the most used;
- that the main motivation of the attacks is the theft of information;
- that the concern with employee training is not a priority: among the companies surveyed, only 23% promote training activities.
To help security managers develop policies and controls, a new way of approaching social engineering attacks was proposed, classifying attacks by the type of approach between the victim and the attacker, direct or indirect. In the direct approach there is no need to use any means of communication; the contact is in person. The indirect approach is carried out through the use of communication media. In the proposal, the attack techniques were analysed based on the dependency relationships between the various techniques and on the identification of the relationship between the techniques and the threats.
Nowadays, information is a resource of vital importance. With the need to protect that asset, companies implement mechanisms aimed at ensuring the integrity, confidentiality and information availability. Due to the difficulty of overcoming the technological barriers of security, the attacks have been directed to the human element. The attackers, by applying attack techniques and exploiting human vulnerabilities, among which ingenuity, curiosity and confidence, achieve their objectives. Thus, taking into account the relevance of the problem, this work aims to:
- identify the level of knowledge of users and IT managers concerning the problem of social engineering in Portugal,
- as well as the security measures,
- the mostly used techniques,
- the main aim of the attacks,
- concern about training,
- and finally present a new classification of social engineering attacks.
The research involved 393 users who use social networks and 41 information system managers. In order to achieve the objective, the answers to the questionnaires were analysed. Data analysis revealed that:
- the level of knowledge about the problem of social engineering is low,
- regarding security measures, it appears that antivirus installation and use of a firewall are the most applied,
- regarding the attack techniques we found that Phishing and spam-email are the most used,
- and that the main motive of the attacks is the theft of information,
- the concern with employee training is not a priority among the companies surveyed, with only 23% promoting training workshops.
In order to support the security managers in the development of security policies, we propose a new way of approaching social engineering attacks through the classification of attacks based on the type of approach, between the victim and attacker, direct or indirect. In the direct approach there is no need to use any means of communication, the contact is in person. The indirect approach is accomplished through the use of communication media. In this study, the attack techniques were analysed based on the interdependence between the various techniques, and on the identification of the relationship between techniques and threats.
25

Cullen, Andrea J., and Lorna Armitage. "The Social Engineering Attack Spiral (SEAS)." 2016. http://hdl.handle.net/10454/10702.

Abstract:
Cybercrime is on the increase and attacks are becoming ever more sophisticated. Organisations are investing huge sums of money and vast resources in trying to establish effective and timely countermeasures. This is still a game of catch-up, where hackers have the upper hand and potential victims are trying to produce secure systems hardened against what feel like inevitable future attacks. The focus so far has been on technology and not people, and the amount of resource allocated to countermeasures and research into cyber security attacks follows the same trend. This paper adds to the growing body of work looking at social engineering attacks and therefore seeks to redress this imbalance to some extent. The objective is to produce a model for social engineering that provides a better understanding of the attack process such that improved and timely countermeasures can be applied and early interventions implemented.
26

Fung, Jian-Jun, and 方建鈞. "A Study for Preventing Social Engineering Attack Types." Thesis, 2012. http://ndltd.ncl.edu.tw/handle/39776911866478968649.

Abstract:
Master's degree
Ching Yun University
Institute of Information Management
100
In recent years, as Web 2.0 has gained popularity, the audio and multimedia effects on web pages have become more diverse, interactive, and abundant. Social networks such as Facebook, Plurk, Twitter, Free Blog, Xuite, and Yam Blog are now popular, and MSN, Yahoo! Messenger, Skype, mobile phones, and e-mail have a tremendous influence that cannot be neglected. According to statistics from the company ComScore to the end of 2011, 794 million people visited Facebook monthly; each person spent 377 minutes, that is, more than 6 hours, on social networks. Recently, the 165 anti-fraud hotline of the National Police Agency has found consecutive social network attack cases. With the prosperity of the Internet, social engineering attacks have spread from e-mail to today's social networks. If we do not pay attention to and strengthen information security management, information security cases will repeat themselves. The influence will broaden, and the loss and damage will be beyond calculation. This research discusses social engineering attacks related to social networks and compares these information security cases using the case analysis method. We also discuss the social engineering attack control measures in the international ISO/IEC 27001 information security management standard and combine them with the standard operating procedure of ISO/IEC TR 18044 information security matters management. Following the risk management regulations and guidelines of AS/NZS ISO/IEC 31000, we measure the impact and chances of risk, establish complete evaluation and handling procedures, and so on. We hope that related information security matters can be reduced and related social engineering attacks stopped from happening.
27

Kao, Chi Sheng, and 高啟聖. "An Intrusion Event Initialized From The Email Social Engineering Attack." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/15946594424458300721.

Abstract:
Master's degree
National Taiwan University of Science and Technology
Graduate Institute of Management
102
This study applies the writing method of the Harvard case study. The study describes an organization that implemented a security information system and carried out e-mail social engineering tests and training, but whose users still lack awareness of information security. Hackers easily use an e-mail to invade the organization internally; how should the case solve this problem? How does the case balance security and convenience when managing the security information system? This paper contains the case content and a manual for teachers. This study describes in detail how the user executes the e-mail so that the hacker intrudes into the organization. While the organization implemented the security information system, high-level managers and staff were out of tune with each other; what led to the problem? Why can't the education and training reach the original goal? The case combines theory and practice, so that readers can take better action when they encounter similar problems.
28

Hung, Chia Lung, and 洪嘉隆. "A new attack model and defense suggestion using Social Engineering in instant messaging environment." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/18084735904193783288.

Abstract:
Master's degree
Chang Gung University
Graduate Institute of Information Management
97
Social engineering is currently one of the most common network attacks. Attackers inveigle users to obtain unauthorized access to resources through the negligence of the users. Therefore, this phenomenon has become a vulnerability in network security. With the growing dependence of users on instant messaging applications, potential threats would increase due to attacks using social engineering. To prevent this attack, users have been educated not to open files or check hyperlinks before their sources have been identified. Consequently, the threats have been considered to weaken gradually. Although the attack model of sending a hyperlink directly without any prior dialogue has been losing its success, attackers may still exploit the characteristics of active interaction inherent in instant messaging, which may still create another effective vulnerability of users. In light of this consideration, this research presents a new attack model: the attacker waits for a period of time before interacting with the victim. Our assumed scenario is that an instant messaging worm sends the inductive message when two normal users are talking to each other. It was expected that this proposed attack model would easily let users click the hyperlink unsuspectingly, as they believe the link contains no malicious intention. This research conducts experiments to observe whether the research expectations are met. The results show that users tended to click the hyperlink more after the initial five messages than in the scenario where the hyperlink was issued as the first message. On the other hand, the success rate of the attack had no obvious increase when the number of messages was manipulated to a larger number (fifteen). A possible explanation may be that user trust remains stable after the specified number of interactions.
29

Priyanka Tiwari. "EXPLORING PHISHING SUSCEPTIBILITY ATTRIBUTABLE TO AUTHORITY, URGENCY, RISK PERCEPTION AND HUMAN FACTORS." Thesis, 2020.

Abstract:

Security breaches nowadays are not limited to technological orientation. Research in the information security domain is gradually shifting towards human behavioral orientation toward breaches that target weaknesses arising from human behaviors (Workman et al., 2007). Currently, social engineering breaches are more effective than many technical attacks. In fact, the majority of cyber assaults have a social engineering component. Social engineering is the art of manipulating human flaws towards a malicious objective (Breda et al., 2017). In the likely future, social engineering will be the most predominant attack vector within cyber security (Breda et al., 2017). Human failures, persuasion and social influences are key elements to understand when considering security behaviors. With the increasing concerns for social engineering and advancements in human factors-based technology, phishing emails are becoming more prevalent in exploiting human factors and external factors. Such factors have been researched in pairs, not overall. To date, there is not much research done to identify the collaborative links between authority, urgency, risk perception and human factors such as personality traits and knowledge. This study investigates phishing email characters, external influences, human factors influences, and their collaborative effects.
