Journal articles on the topic 'Social engineering attacks'


1

Shi, Zheyuan Ryan, Aaron Schlenker, Brian Hay, Daniel Bittleston, Siyu Gao, Emily Peterson, John Trezza, and Fei Fang. "Draining the Water Hole: Mitigating Social Engineering Attacks with CyberTWEAK." Proceedings of the AAAI Conference on Artificial Intelligence 34, no. 08 (April 3, 2020): 13363–68. http://dx.doi.org/10.1609/aaai.v34i08.7050.

Abstract:
Cyber adversaries have increasingly leveraged social engineering attacks to breach large organizations and threaten the well-being of today's online users. One clever technique, the “watering hole” attack, compromises a legitimate website to execute drive-by download attacks by redirecting users to another malicious domain. We introduce a game-theoretic model that captures the salient aspects for an organization protecting itself from a watering hole attack by altering the environment information in web traffic so as to deceive the attackers. Our main contributions are (1) a novel Social Engineering Deception (SED) game model that features a continuous action set for the attacker, (2) an in-depth analysis of the SED model to identify computationally feasible real-world cases, and (3) the CyberTWEAK algorithm which solves for the optimal protection policy. To illustrate the potential use of our framework, we built a browser extension based on our algorithms which is now publicly available online. The CyberTWEAK extension will be vital to the continued development and deployment of countermeasures for social engineering.
2

Luo, Xin, Richard Brody, Alessandro Seazzu, and Stephen Burd. "Social Engineering." Information Resources Management Journal 24, no. 3 (July 2011): 1–8. http://dx.doi.org/10.4018/irmj.2011070101.

Abstract:
Effective information systems security management combines technological measures and managerial efforts. Although various technical means have been employed to cope with security threats, human factors have been comparatively neglected. This article examines human factors that can lead to social engineering intrusions. Social engineering is a technique used by malicious attackers to gain access to desired information by exploiting the flaws in human logic known as cognitive biases. Social engineering is a potential threat to information security and should be considered equally important to its technological counterparts. This article unveils various social engineering attacks and their leading human factors, and discusses several ways to defend against social engineering: education, training, procedure, and policy. The authors further introduce possible countermeasures for social engineering attacks. Future analysis is also presented.
3

Salahdine, Fatima, and Naima Kaabouch. "Social Engineering Attacks: A Survey." Future Internet 11, no. 4 (April 2, 2019): 89. http://dx.doi.org/10.3390/fi11040089.

Abstract:
The advancements in digital communication technology have made communication between humans more accessible and instant. However, personal and sensitive information may be available online through social networks and online services that lack the security measures to protect this information. Communication systems are vulnerable and can easily be penetrated by malicious users through social engineering attacks. These attacks aim at tricking individuals or enterprises into accomplishing actions that benefit attackers or providing them with sensitive data such as social security number, health records, and passwords. Social engineering is one of the biggest challenges facing network security because it exploits the natural human tendency to trust. This paper provides an in-depth survey about the social engineering attacks, their classifications, detection strategies, and prevention procedures.
4

Krombholz, Katharina, Heidelinde Hobel, Markus Huber, and Edgar Weippl. "Advanced social engineering attacks." Journal of Information Security and Applications 22 (June 2015): 113–22. http://dx.doi.org/10.1016/j.jisa.2014.09.005.

5

Ye, Ziwei, Yuanbo Guo, Ankang Ju, Fushan Wei, Ruijie Zhang, and Jun Ma. "A Risk Analysis Framework for Social Engineering Attack Based on User Profiling." Journal of Organizational and End User Computing 32, no. 3 (July 2020): 37–49. http://dx.doi.org/10.4018/joeuc.2020070104.

Abstract:
Social engineering attacks are becoming serious threats to cloud service. Social engineering attackers could get Cloud service custom privacy information or attack virtual machine images directly. Existing security analysis instruments are difficult to quantify the social engineering attack risk, resulting in invalid defense guidance for social engineering attacks. In this article, a risk analysis framework for social engineering attack is proposed based on user profiling. The framework provides a pathway to quantitatively calculate the possibility of being compromised by social engineering attack and potential loss, so as to effectively complement current security assessment instruments. The frequency of related operations is used to profile and group users for respective risk calculation, and other features such as security awareness and capability of protection mechanism are also considered. Finally, examples are given to illustrate how to use the framework in actual scenario and apply it to security assessment.
6

Beckers, Kristian, Leanid Krautsevich, and Artsiom Yautsiukhin. "Using Attack Graphs to Analyze Social Engineering Threats." International Journal of Secure Software Engineering 6, no. 2 (April 2015): 47–69. http://dx.doi.org/10.4018/ijsse.2015040103.

Abstract:
The acquisition of information about computer systems by mostly non-technical means is called social engineering. Most critical systems are vulnerable to social threats, even when technical security is high. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii) can be used by anyone, (iii) is cheap, (iv) almost impossible to eliminate completely. The integration of social engineering attackers with other attackers, such as software or network ones, is missing so far. Existing research focuses on classifying and analyzing social engineering attacks. The authors' contribution is to consider social engineering exploits together with technical vulnerabilities. The authors introduce a method for the integration of social engineering exploits into attack graphs and propose a simple quantitative analysis of the graphs that helps to develop a comprehensive defensive strategy.
7

Alhamad, Amal, Dalal Aldablan, and Raghad Albahlal. "Examination of Assorted Social Engineering Attack by Different Types of Machine Learning Algorithms." International Journal of Computer Science and Mobile Computing 10, no. 7 (July 30, 2021): 56–60. http://dx.doi.org/10.47760/ijcsmc.2021.v10i07.008.

Abstract:
The most powerful attack on systems is the social engineering attack, because this attack deals with psychology, so no hardware or software can prevent it or even defend against it, and hence people need to be trained to defend against it [1]. Social engineering is mostly done by phone or email. In this research, which is based on previous research we have conducted, the aim was to highlight the different social engineering attacks and how they can be prevented in social networks, because social engineering is one of the biggest problems in social networks, a concern for privacy and security. This project uses a set of data and then analyses it using the Weka tool; to defend against these attacks we have evaluated three decision tree algorithms: RandomForest, REPTree and RandomTree. It was also related to a J48 algorithm. On the contrary, this work contains a complete overview of social engineering attacks, and more than one algorithm was searched.
8

VLAD, Ionela-Mariana. "Security of Personal Data in Social Networks." International Journal of Information Security and Cybercrime 7, no. 2 (December 29, 2018): 14–24. http://dx.doi.org/10.19107/ijisc.2018.02.02.

Abstract:
Nowadays, social networks are some of the fastest growing online services. Take for instance the case of Facebook which is considered to be the second most visited site on the Internet and reports growth rates of 3% per week. Social engineering attacks target human weaknesses instead of the technical vulnerabilities of the system. Usually, the attackers are attracted by the large amount of personal data published on the user’s profile. In social networks, the next attacks are specific to reverse social engineering: recommendation-based, visitor tracking-based and demographics-based attacks. In this paper, I will study the risks of using Facebook, the implication of Reverse Social Engineering in social networks and methods of securing a Facebook account.
9

Aldawood, Hussain, and Geoffrey Skinner. "An Advanced Taxonomy for Social Engineering Attacks." International Journal of Computer Applications 177, no. 30 (January 16, 2020): 1–11. http://dx.doi.org/10.5120/ijca2020919744.

10

Sarriegi, Jose M., and Jose J. Gonzalez. "Conceptualising social engineering attacks through system archetypes." International Journal of System of Systems Engineering 1, no. 1/2 (2008): 111. http://dx.doi.org/10.1504/ijsse.2008.018134.

11

Sokolov, Volodymyr Yu, and Davyd M. Kurbanmuradov. "METHOD OF COUNTERACTION IN SOCIAL ENGINEERING ON INFORMATION ACTIVITY OBJECTIVES." Cybersecurity: Education, Science, Technique, no. 1 (2018): 6–16. http://dx.doi.org/10.28925/2663-4023.2018.1.616.

Abstract:
The article presents a study using attacks such as a fake access point and a phishing page. The previous publications on social engineering have been reviewed, statistics of break-ups are analyzed and directions and mechanism of realization of attacks having elements of social engineering are analyzed. The data from the research in three different places were collected and analyzed and the content statistics were provided. For comparison, three categories of higher education institutions were chosen: technical, humanitarian and mixed profiles. Since the research was conducted in educational institutions during the week, most students in the experiment and graduate students took part in the experiment. For each educational institution, a registration form template was created that mimicked the design of the main pages. Examples of hardware and software implementation of a typical stand for attack, data collection and analysis are given. In order to construct a test stand, widely available components were chosen to show how easy it is to carry out attacks of this kind without significant initial costs and special skills. The article provides statistics on the number of connections, permission to use the address of the e-mail and password, as well as permission to automatically transfer service data to the browser (cookies). The statistics are processed using specially written algorithms. The proposed approaches to solving the problem of socio-technical attacks can be used and implemented for operation on any objects of information activity. As a result of the experiments, it is clear that the awareness of users of even technical specialties is not enough, so one needs to pay particular attention to the development of methods for raising awareness of users and reducing the number of potential attacks on objects of information activity.
12

Azarov, Artur Alexandrovich, Elena Victorovna Brodovskaya, Anastasia Victorovna Vakhromeeva, Andrey Alexandrovich Glazkov, Oksana Vladimirovna Dmitrieva, Valeriya Fuatovna Musina, Vladimir Dmitrievich Nechaev, et al. "Memes and social engineering attacks in virtual space." SPIIRAS Proceedings 7, no. 30 (March 17, 2014): 88. http://dx.doi.org/10.15622/sp.30.7.

13

Cletus, Azaabi, and Ussiph Najim. "Towards Securing Organizational Data against Social Engineering Attacks." International Journal of Computer Applications 180, no. 28 (March 20, 2018): 28–34. http://dx.doi.org/10.5120/ijca2018916649.

14

Choi, Dongmin, Cheolheon Baek, and Ilyong Chung. "Virtual Keyboard against Social Engineering Attacks in Smartphones." Journal of Korea Multimedia Society 18, no. 3 (March 30, 2015): 368–75. http://dx.doi.org/10.9717/kmms.2015.18.3.368.

15

Marczak, William R., and Vern Paxson. "Social Engineering Attacks on Government Opponents: Target Perspectives." Proceedings on Privacy Enhancing Technologies 2017, no. 2 (April 1, 2017): 172–85. http://dx.doi.org/10.1515/popets-2017-0022.

Abstract:
New methods of dissident surveillance employed by repressive nation-states increasingly involve socially engineering targets into unwitting cooperation (e.g., by convincing them to open a malicious attachment or link). While a fair amount is understood about the nature of these threat actors and the types of tools they use, there is comparatively little understood about targets’ perceptions of the risks associated with their online activity, and their security posture. We conducted in-depth interviews of 30 potential targets of Middle Eastern and Horn of Africa-based governments, also examining settings and software on their computers and phones. Our engagement illuminates the ways that likely targets are vulnerable to the types of social engineering employed by nation-states.
16

Patel, Naiya. "SOCIAL ENGINEERING AS AN EVOLUTIONARY THREAT TO INFORMATION SECURITY IN HEALTHCARE ORGANIZATIONS." Jurnal Administrasi Kesehatan Indonesia 8, no. 1 (March 28, 2020): 56. http://dx.doi.org/10.20473/jaki.v8i1.2020.56-64.

Abstract:
Information security in healthcare settings is overlooked even though it is the most vulnerable for social engineering attacks. The theft of hospital information data is critical to be monitored as they contain patients’ confidential health information. If leaked, the data can impact patients’ social as well as professional life. The hospital data system includes administrative data, as well as employees’ personal information hacked, which can cause identity theft. The current paper discusses types and sources of social engineering attacks in healthcare organizations. Social engineering attacks occur more frequently than other malware attacks, and hence it is crucial to understand what social engineering is and its vulnerabilities to understand the prevention measures. The paper describes types of threats, potential vulnerabilities, and possible solutions to prevent social engineering attacks in healthcare organizations. Keywords: social engineering, hospitals, healthcare organizations, information security.
17

Campbell, Curtis C. "Solutions for counteracting human deception in social engineering attacks." Information Technology & People 32, no. 5 (October 7, 2019): 1130–52. http://dx.doi.org/10.1108/itp-12-2017-0422.

Abstract:
Purpose: The purpose of this paper is to investigate the top three cybersecurity issues in organizations related to social engineering and aggregate solutions for counteracting human deception in social engineering attacks. Design/methodology/approach: A total of 20 experts within Information System Security Association participated in a three-round Delphi study for aggregating and condensing expert opinions. Three rounds moved participants toward consensus for solutions to counteract social engineering attacks in organizations. Findings: Three significant issues: compromised data; ineffective practices; and lack of ongoing education produced three target areas for implementing best practices in countering social engineering attacks. The findings offer counteractions by including education, policies, processes and continuous training in security practices. Research limitations/implications: Study limitations include lack of prior data on effective social engineering defense. Research implications stem from the psychology of human deception and trust with the ability to detect deception. Practical implications: Practical implications relate to human judgment in complying with effective security policies and programs and consistent education and training. Future research may include exploring financial, operational and educational costs of implementing social engineering solutions. Social implications: Social implications apply across all knowledge workers who benefit from technology and are trusted to protect organizational assets and intellectual property. Originality/value: This study contributes to the field of cybersecurity with a focus on trust and human deception to investigate solutions to counter social engineering attacks. This paper adds to under-represented cybersecurity research regarding effective implementation for social engineering defense.
18

Alharthi, Dalal, and Amelia Regan. "A Literature Survey and Analysis on Social Engineering Defense Mechanisms and Infosec Policies." International Journal of Network Security & Its Applications 13, no. 2 (March 31, 2021): 41–61. http://dx.doi.org/10.5121/ijnsa.2021.13204.

Abstract:
Social engineering attacks can be severe and hard to detect. Therefore, to prevent such attacks, organizations should be aware of social engineering defense mechanisms and security policies. To that end, the authors developed a taxonomy of social engineering defense mechanisms, designed a survey to measure employee awareness of these mechanisms, proposed a model of Social Engineering InfoSec Policies (SE-IPs), and designed a survey to measure the incorporation level of these SE-IPs. After analyzing the data from the first survey, the authors found that more than half of employees are not aware of social engineering attacks. The paper also analyzed a second set of survey data, which found that on average, organizations incorporated just over fifty percent of the identified formal SE-IPs. Such worrisome results show that organizations are vulnerable to social engineering attacks, and serious steps need to be taken to elevate awareness against these emerging security threats.
19

Conteh, Nabie Y., and Paul J. Schmick. "Cybersecurity: risks, vulnerabilities and countermeasures to prevent social engineering attacks." International Journal of Advanced Computer Research 6, no. 23 (February 12, 2016): 31–38. http://dx.doi.org/10.19101/ijacr.2016.623006.

20

Aldawood, Hussain, and Geoffrey Skinner. "A Taxonomy for Social Engineering Attacks via Personal Devices." International Journal of Computer Applications 178, no. 50 (September 17, 2019): 19–26. http://dx.doi.org/10.5120/ijca2019919411.

21

Power, Richard, and Dario Forte. "Social engineering: attacks have evolved, but countermeasures have not." Computer Fraud & Security 2006, no. 10 (October 2006): 17–20. http://dx.doi.org/10.1016/s1361-3723(06)70433-x.

22

Shin, Dong Cheon, and Young Hoo Park. "Development of Risk Assessment Indices for Social Engineering Attacks." Journal of Security Engineering 14, no. 2 (April 30, 2017): 143–56. http://dx.doi.org/10.14257/jse.2017.04.01.

23

Bullée, Jan-Willem Hendrik, Lorena Montoya, Wolter Pieters, Marianne Junger, and Pieter Hartel. "On the anatomy of social engineering attacks-A literature-based dissection of successful attacks." Journal of Investigative Psychology and Offender Profiling 15, no. 1 (July 14, 2017): 20–45. http://dx.doi.org/10.1002/jip.1482.

24

Franchi, Enrico, Agostino Poggi, and Michele Tomaiuolo. "Information Attacks on Online Social Networks." Journal of Information Technology Research 7, no. 3 (July 2014): 54–71. http://dx.doi.org/10.4018/jitr.2014070104.

Abstract:
Online social networks have changed the way people interact, allowing them to stay in touch with their acquaintances, reconnect with old friends, and establish new relationships with other people based on hobbies, interests, and friendship circles. Unfortunately, the regrettable concurrence of the users' carefree attitude in sharing information, the often sub-par security measures from the part of the system operators and, eventually, the high value of the published information make online social networks an interesting target for crackers and scammers alike. The information contained can be used to trigger attacks to even more sensible targets and the ultimate goal of sociability shared by the users allows sophisticated forms of social engineering inside the system. This work reviews some typical social attacks that are conducted on social networking systems, carrying real-world examples of such violations and analysing in particular the weakness of password mechanisms. It then presents some solutions that could improve the overall security of the systems.
25

Heartfield, Ryan, and George Loukas. "A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks." ACM Computing Surveys 48, no. 3 (February 8, 2016): 1–39. http://dx.doi.org/10.1145/2835375.

26

Medlin, B. Dawn, Joseph A. Cazier, and Daniel P. Foulk. "Analyzing the Vulnerability of U.S. Hospitals to Social Engineering Attacks." International Journal of Information Security and Privacy 2, no. 3 (July 2008): 71–83. http://dx.doi.org/10.4018/jisp.2008070106.

27

Franchi, Enrico, Agostino Poggi, and Michele Tomaiuolo. "Information and Password Attacks on Social Networks." Journal of Information Technology Research 8, no. 1 (January 2015): 25–42. http://dx.doi.org/10.4018/jitr.2015010103.

Abstract:
Online social networks have changed the way people interact, allowing them to stay in touch with their acquaintances, reconnect with old friends, and establish new relationships with other people based on hobbies, interests, and friendship circles. Unfortunately, the regrettable concurrence of the users' carefree attitude in sharing information, the often sub-par security measures from the part of the system operators and, eventually, the high value of the published information make online social networks an interesting target for crackers and scammers alike. The information contained can be used to trigger attacks to even more sensible targets and the ultimate goal of sociability shared by the users allows sophisticated forms of social engineering inside the system. This work reviews some typical social attacks that are conducted on social networking systems, carrying real-world examples of such violations and analysing in particular the weakness of password mechanisms. It then presents some solutions that could improve the overall security of the systems.
28

Volkov, A. K., A. K. Volkov, and L. I. Frolova. "Research of the aviation personnel vulnerability profile to social engineering attacks." Civil Aviation High Technologies 23, no. 2 (April 22, 2020): 20–32. http://dx.doi.org/10.26467/2079-0619-2020-23-2-20-32.

29

Kim, Do-Woo, and Gyu-Peom Lee. "A Study on the Classifying the Type of Social Engineering Attacks." Korean Journal of Industry Security 9, no. 2 (December 30, 2019): 9–21. http://dx.doi.org/10.33388/kais.2019.9.2.009.

30

Park, Younghoo, and Dongcheon Shin. "A Risk Assessment Scheme of Social Engineering Attacks for Enterprise Organizations." Journal of Information and Security 19, no. 1 (March 31, 2019): 103–10. http://dx.doi.org/10.33778/kcsa.2019.19.1.103.

31

Khidzir, Nik Zulkarnaen, and Shekh Abdullah-Al-Musa Ahmed. "Viewpoint of Probabilistic Risk Assessment in Artificial Enabled Social Engineering Attacks." Journal of Contemporary Issues and Thought 9 (August 15, 2019): 12–17. http://dx.doi.org/10.37134/jcit.vol9.2.2019.

32

Tak, Dongkil, and Dongmin Choi. "Layered Pattern Authentication Scheme on Smartphone Resistant to Social Engineering Attacks." Journal of Korea Multimedia Society 19, no. 2 (February 28, 2016): 280–90. http://dx.doi.org/10.9717/kmms.2016.19.2.280.

33

Junger, M., L. Montoya, and F. J. Overink. "Priming and warnings are not effective to prevent social engineering attacks." Computers in Human Behavior 66 (January 2017): 75–87. http://dx.doi.org/10.1016/j.chb.2016.09.012.

34

Karpati, Peter, Guttorm Sindre, and Raimundas Matulevicius. "Comparing Misuse Case and Mal-Activity Diagrams for Modelling Social Engineering Attacks." International Journal of Secure Software Engineering 3, no. 2 (April 2012): 54–73. http://dx.doi.org/10.4018/jsse.2012040103.

Abstract:
Understanding the social engineering threat is important in requirements engineering for security-critical information systems. Mal-activity diagrams have been proposed as being better than misuse cases for this purpose, but without any empirical testing. The research question in this study is whether mal-activity diagrams would be more efficient than misuse cases for understanding social engineering attacks and finding prevention measures. After a conceptual comparison of the modelling techniques, a controlled experiment is presented, comparing the efficiency of using the two techniques together with textual descriptions of social engineering attacks. The results were fairly equal, the only significant difference being a slight advantage for mal-activity diagrams concerning perceived ease of use. The study gives new insights into the relative merits of the two techniques, and suggests that the advantage of mal-activity diagrams is smaller than previously assumed. However, more empirical investigations are needed to make detailed conclusions.
35

Endsley, Mica R. "Combating Information Attacks in the Age of the Internet: New Challenges for Cognitive Engineering." Human Factors: The Journal of the Human Factors and Ergonomics Society 60, no. 8 (October 30, 2018): 1081–94. http://dx.doi.org/10.1177/0018720818807357.

Abstract:
Objective: This article provides an overview of the characteristics of misinformation and information attack and their effects on the perceptions of the public, with the objective of outlining potential solutions and needed research for countering this growing problem. Background: Society is facing a significant challenge from the spread of misinformation through websites and social media that has driven a divergence in people’s perceptions and understanding of basic facts associated with many issues relevant to public policy decisions, including the economy, taxation, and the deficit; climate change and the environment; and vaccinations and public health and safety. A number of factors are driving this fracture, including information presentation challenges that lead to poor information understanding, deliberate information attacks, social network propagation, poor assessments of information reliability, and cognitive biases that lead to a rejection of information that conflicts with preexisting beliefs. Results: A framework for understanding information attack is provided, including common sources, features, avenues, cognitive mechanisms, and major challenges in overcoming information attacks. Conclusion and Application: Potential solutions and research needs are presented for improving people’s understanding of online information associated with a wide range of issues affecting public policy.
36

Bakhshi, Taimur, Maria Papadaki, and Steven Furnell. "Social engineering: assessing vulnerabilities in practice." Information Management & Computer Security 17, no. 1 (March 20, 2009): 53–63. http://dx.doi.org/10.1108/09685220910944768.

Abstract:
Purpose: The purpose of this paper is to investigate the level of susceptibility to social engineering amongst staff within a cooperating organisation. Design/methodology/approach: An e-mail-based experiment was conducted, in which 152 staff members were sent a message asking them to follow a link to an external web site and install a claimed software update. The message utilised a number of social engineering techniques, but was also designed to convey signs of a deception in order to alert security-aware users. The external web site, to which the link was pointing, was intentionally badly designed in the hope of raising the users' suspicions and preventing them from proceeding with the software installation. Findings: In spite of a short window of operation for the experiment, the results revealed that 23 per cent of recipients were fooled by the attack, suggesting that many users lack a baseline level of security awareness that is useful to protect them online. Research limitations/implications: After running for approximately 3.5 h, the experiment was ceased, after a request from the organisation's IT department. Thus, the correct percentage of unique visits is likely to have been higher. Also, the mailings were sent towards the end of a working day, thus limiting the number of people who got to read and respond to the message before the experiment was ended. Practical implications: Despite its limitations, the experiment clearly revealed a significant level of vulnerability to social engineering attacks. As a consequence, the need to raise user awareness of social engineering and the related techniques is crucial. Originality/value: This paper provides further evidence of users' susceptibility to the problems, by presenting the results of an e-mail-based social engineering study that was conducted amongst staff within a cooperating organisation.
37

Khlobystova, A. O., M. V. Abramov, A. L. Tulupyev, and A. A. Zolotin. "Search for the shortest trajectory of a social engeneering attack between a pair of users in a graph with transition probabilities." Information and Control Systems, no. 6 (December 18, 2018): 74–81. http://dx.doi.org/10.31799/1684-8853-2018-6-74-81.

Abstract:
Introduction: Social engineering attacks can be divided into two types: direct (one-way) and multi-pass ones, passing through a chain of users. Normally, there are several propagation paths for a multi-pass social engineering attack between two users. Estimates of the probabilities of an attack to spread along different trajectories will differ. Purpose: Identification of the most critical (most probable) trajectory for a multi-pass social engineering attack between two users. Methods: Methods of searching, matching and algorithm analysis are used to identify the most critical trajectory of attack propagation. They apply the information about the intensity of the interaction between employees in companies based on data extracted from social networks. These algorithms are reduced, using a number of transformations of the original data, to the algorithms of finding the shortest path in a graph. The estimates of a multi-path social engineering attack success probability are calculated with the methods of constructing an estimate of a complex event probability. Results: We have proposed an approach to identifying the most critical trajectories, whose estimate of the attack success probability is the highest. In the simplest case, the problem can be reduced to finding a path in the graph with the maximum product of the weights of all the edges involved. The resource intensity of the algorithm when searching for the most critical trajectory on a complete graph with a large number of vertices can be reduced with a specially developed technique. A brief overview of the methods and algorithms providing automated search for the most critical propagation path of a social engineering attack showed that in a general case it can be reduced, with some transformations, to the problem of finding the most critical trajectory using the configuration of Dijkstra and Bellman — Ford algorithms. 
The chosen algorithm was adapted for the specified context, and an approach was proposed to thin out the graph when searching for the most critical trajectory. The presented methods and algorithms are implemented in software code. Numerical experiments were performed to verify the calculation results. Practical relevance: The developed software based on the method and algorithm proposed in this article complements the functionality of the previous versions of software prototypes for analyzing the protection of information system users against social engineering attacks. It allows you to take into account a wider range of factors affecting the assessment of social engineering attack success probability.
38

Schaab, Peter, Kristian Beckers, and Sebastian Pape. "Social engineering defence mechanisms and counteracting training strategies." Information & Computer Security 25, no. 2 (June 12, 2017): 206–22. http://dx.doi.org/10.1108/ics-04-2017-0022.

Abstract:
Purpose This paper aims to outline strategies for defence against social engineering that are missing in the current best practices of information technology (IT) security. Reason for the incomplete training techniques in IT security is the interdisciplinary of the field. Social engineering is focusing on exploiting human behaviour, and this is not sufficiently addressed in IT security. Instead, most defence strategies are devised by IT security experts with a background in information systems rather than human behaviour. The authors aim to outline this gap and point out strategies to fill the gaps. Design/methodology/approach The authors conducted a literature review from viewpoint IT security and viewpoint of social psychology. In addition, they mapped the results to outline gaps and analysed how these gaps could be filled using established methods from social psychology and discussed the findings. Findings The authors analysed gaps in social engineering defences and mapped them to underlying psychological principles of social engineering attacks, for example, social proof. Furthermore, the authors discuss which type of countermeasure proposed in social psychology should be applied to counteract which principle. The authors derived two training strategies from these results that go beyond the state-of-the-art trainings in IT security and allow security professionals to raise companies’ bars against social engineering attacks. Originality/value The training strategies outline how interdisciplinary research between computer science and social psychology can lead to a more complete defence against social engineering by providing reference points for researchers and IT security professionals with advice on how to improve training.
39

Nifakos, Sokratis, Krishna Chandramouli, Charoula Konstantina Nikolaou, Panagiotis Papachristou, Sabine Koch, Emmanouil Panaousis, and Stefano Bonacina. "Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review." Sensors 21, no. 15 (July 28, 2021): 5119. http://dx.doi.org/10.3390/s21155119.

Abstract:
Background: Cybersecurity is increasingly becoming a prominent concern among healthcare providers in adopting digital technologies for improving the quality of care delivered to patients. The recent reports on cyber attacks, such as ransomware and WannaCry, have brought to life the destructive nature of such attacks upon healthcare. In complement to cyberattacks, which have been targeted against the vulnerabilities of information technology (IT) infrastructures, a new form of cyber attack aims to exploit human vulnerabilities; such attacks are categorised as social engineering attacks. Following an increase in the frequency and ingenuity of attacks launched against hospitals and clinical environments with the intention of causing service disruption, there is a strong need to study the level of awareness programmes and training activities offered to the staff by healthcare organisations. Objective: The objective of this systematic review is to identify commonly encountered factors that cybersecurity postures of a healthcare organisation, resulting from the ignorance of cyber threat to healthcare. The systematic review aims to consolidate the current literature being reported upon human behaviour resulting in security gaps that mitigate the cyber defence strategy adopted by healthcare organisations. Additionally, the paper also reviews the organisational risk assessment methodology implemented and the policies being adopted to strengthen cybersecurity. Methods: The topic of cybersecurity within healthcare and the clinical environment has attracted the interest of several researchers, resulting in a broad range of literature. The inclusion criteria for the articles in the review stem from the scope of the five research questions identified. 
To this end, we conducted seven search queries across three repositories, namely (i) PubMed®/MED-LINE; (ii) Cumulative Index to Nursing and Allied Health Literature (CINAHL); and (iii) Web of Science (WoS), using key words related to cybersecurity awareness, training, organisation risk assessment methodologies, policies and recommendations adopted as counter measures within health care. These were restricted to around the last 12 years. Results: A total of 70 articles were selected to be included in the review, which addresses the complexity of cybersecurity measures adopted within the healthcare and clinical environments. The articles included in the review highlight the evolving nature of cybersecurity threats stemming from exploiting IT infrastructures to more advanced attacks launched with the intent of exploiting human vulnerability. A steady increase in the literature on the threat of phishing attacks evidences the growing threat of social engineering attacks. As a countermeasure, through the review, we identified articles that provide methodologies resulting from case studies to promote cybersecurity awareness among stakeholders. The articles included highlight the need to adopt cyber hygiene practices among healthcare professionals while accessing social media platforms, which forms an ideal test bed for the attackers to gain insight into the life of healthcare professionals. Additionally, the review also includes articles that present strategies adopted by healthcare organisations in countering the impact of social engineering attacks. The evaluation of the cybersecurity risk assessment of an organisation is another key area of study reported in the literature that recommends the organisation of European and international standards in countering social engineering attacks. Lastly, the review includes articles reporting on national case studies with an overview of the economic and societal impact of service disruptions encountered due to cyberattacks. 
Discussion: One of the limitations of the review is the subjective ranking of the authors associated to the relevance of literature to each of the research questions identified. We also acknowledge the limited amount of literature that focuses on human factors of cybersecurity in health care in general; therefore, the search queries were formulated using well-established cybersecurity related topics categorised according to the threats, risk assessment and organisational strategies reported in the literature.
40

Dorr, Bonnie, Archna Bhatia, Adam Dalton, Brodie Mather, Bryanna Hebenstreit, Sashank Santhanam, Zhuo Cheng, Samira Shaikh, Alan Zemel, and Tomek Strzalkowski. "Detecting Asks in Social Engineering Attacks: Impact of Linguistic and Structural Knowledge." Proceedings of the AAAI Conference on Artificial Intelligence 34, no. 05 (April 3, 2020): 7675–82. http://dx.doi.org/10.1609/aaai.v34i05.6269.

Abstract:
Social engineers attempt to manipulate users into undertaking actions such as downloading malware by clicking links or providing access to money or sensitive information. Natural language processing, computational sociolinguistics, and media-specific structural clues provide a means for detecting both the ask (e.g., buy gift card) and the risk/reward implied by the ask, which we call framing (e.g., lose your job, get a raise). We apply linguistic resources such as Lexical Conceptual Structure to tackle ask detection and also leverage structural clues such as links and their proximity to identified asks to improve confidence in our results. Our experiments indicate that the performance of ask detection, framing detection, and identification of the top ask is improved by linguistically motivated classes coupled with structural clues such as links. Our approach is implemented in a system that informs users about social engineering risk situations.
41

Hidayah, Imas Rahmadhtul. "Representasi Social Engineering Dalam Tindak Kejahatan Dunia Maya (Analisis Semiotika Pada Film Firewall)." Tibanndaru : Jurnal Ilmu Perpustakaan dan Informasi 4, no. 1 (April 1, 2020): 30. http://dx.doi.org/10.30742/tb.v4i1.905.

Abstract:
In the current technological era, information is represented as a valuable asset for every individual or organization. There are three important components in information security such as ; (1) human; (2) process; and (3) technology. For perpetrators of cybercrime will look for gaps in the three components, not infrequently the human component becomes the target. From the above problems, researchers are interested in conducting studies by placing the film Firewall as research objects. The film is interesting because it's one of the action-thriller films with a cybercrime theme in banking. Through the film, researchers will examine the related representation of social engineering in cybercrime using the semiotic analysis method developed by Roland Barthes. The results show that social engineering representation is reflected in reverse social engineering based on social interaction. The implicit meaning in the Firewall film that is protecting company information must pay attention to the three components above because attacks from the inside are just as dangerous from outside attacks. Keywords: Social Engineering, Cyber World, Film
42

Kaur, Sukhdilpreet, and Amandeep Verma. "Ontological Engineering Approach Towards Botnet Detection in Network Forensics." INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY 10, no. 9 (September 15, 2013): 1990–2001. http://dx.doi.org/10.24297/ijct.v10i9.1390.

Abstract:
The abundance in the usage of Internet, in every arena of life from social to personal, commercial to domestic and other aspects of life as well, leads the rise in cybercrime at an upsetting speed. More illegal activities as a result of cyber crime, reason to tempts many network attacks and threats. Network forensics is the branch of forensics that deals in the detection of network attacks. Botnet is one of the most common attacks, but hazardous. It is a network of hacked computers. It involves the capturing, storing and then analysis of the network packets, in order to identify the source of the attack. Various methods based on this approach for botnet detection are suggested in literature but there is no generalized method to represent the basic methodology used by any of the botnet detection method. With such guidelines, the comparison among the various implementations, a roadmap for the new implementation, development of reusable implementations can be addressed. Accordingly, there is a requirement of a generic framework that can characterize the general methodology followed by any of the botnet detection methods. This paper reviews various prevalent methods of botnet detection to extract commonalities among them. A global model for the detection of botnets is represented as ontology. Ontology is used as a means of knowledge representation. The botnet ontology is represented using Web Ontology Language (OWL). OWL is used because it is a language with layered architecture and high expressive power.
43

Rohit, M., and Ceronmani Sharmila. "A Secure User Image Privacy Preserving Technique to Avoid Clone Attack in Online Social Network." Journal of Computational and Theoretical Nanoscience 17, no. 5 (May 1, 2020): 2304–7. http://dx.doi.org/10.1166/jctn.2020.8888.

Abstract:
The hundreds of thousands of active users everywhere in the globe use online social community, inclusive of Facebook, Twitter, Tumbler and LinkedIn. This makes it handy for fake profile cloning and compromise user information. This system, uses information to be hidden in a profile photos with a hidden information to detect profiles which are fake and any attacks that’s taken place by botnet. This project presents the detection mechanisms of social network based attacks that takes place online, analysis of the profile with interval in time and sequenced Protocol. This project we have proposed data hiding with the use of discrete wavelet transform algorithm. Thus it will save you from clone attack and provide entire user statistic with private record. Thus we will capable of keeping away from clone attacks in social media networks.
44

Bullee, Jan-Willem, and Marianne Junger. "How effective are social engineering interventions? A meta-analysis." Information & Computer Security 28, no. 5 (August 5, 2020): 801–30. http://dx.doi.org/10.1108/ics-07-2019-0078.

Abstract:
Purpose Social engineering is a prominent aspect of online crime. Various interventions have been developed to reduce the success of this type of attacks. This paper aims to investigate if interventions can help to decrease the vulnerability to social engineering attacks. If they help, the authors investigate which forms of interventions and specific elements constitute success. Design/methodology/approach The authors selected studies which had an experimental design and rigorously tested at least one intervention that aimed to reduce the vulnerability to social engineering. The studies were primarily identified from querying the Scopus database. The authors identified 19 studies which lead to the identification of 37 effect sizes, based on a total sample of N = 23,146 subjects. The available training, intervention materials and effect sizes were analysed. The authors collected information on the context of the intervention, the characteristics of the intervention and the characteristics of the research methodology. All analyses were performed using random-effects models, and heterogeneity was quantified. Findings The authors find substantial differences in effect size for the different interventions. Some interventions are highly effective; others have no effect at all. Highly intensive interventions are more effective than those that are low on intensity. Furthermore, interventions with a narrow focus are more effective than those with a broad focus. Practical implications The results of this study show differences in effect for different elements of interventions. This allows practitioners to review their awareness campaigns and tailor them to increase their success. Originality/value The authors believe that this is the first study that compares the impact of social engineering interventions systematically.
45

Bullée, Jan-Willem H., Lorena Montoya, Wolter Pieters, Marianne Junger, and Pieter H. Hartel. "The persuasion and security awareness experiment: reducing the success of social engineering attacks." Journal of Experimental Criminology 11, no. 1 (January 20, 2015): 97–115. http://dx.doi.org/10.1007/s11292-014-9222-7.

46

Abraham Kalloor, Eric, Dr Manoj Kumar Mishra, and Prof Joy Paulose. "Phishfort – Anti-Phishing Framework." International Journal of Engineering & Technology 7, no. 3.4 (June 25, 2018): 42. http://dx.doi.org/10.14419/ijet.v7i3.4.14673.

Full text
Abstract:
Phishing attack is one of the most common forms of attack used to get unauthorized access to users’ credentials or any other sensitive information. It is classified under social engineering attack, which means it is not a technical vulnerability. The attacker exploits the human nature to make mistakes by fooling the user to think that a given web page is genuine and submitting confidential data into an embedded form, which is harvested by the attacker. A phishing page is often an exact replica of the legitimate page, the only noticeable difference is the URL. Normal users do not pay close attention to the URL every time, hence they are exploited by the attacker. This paper suggests a login framework which can be used independently or along with a browser extension which will act as a line of defense against such phishing attacks. The semi-automated login mechanism suggested in this paper eliminates the need for the user to be alert at all times, and it also provides a personalized login screen so that the user can distinguish between a genuine and fake login page quite easily.
47

Bux, Khuda, Muhammad Yousaf, Akhtar Hussain Jalbani, and Komal Batool. "Detection of Malicious Servers for Preventing Client-Side Attacks." January 2021 40, no. 1 (January 1, 2021): 230–40. http://dx.doi.org/10.22581/muet1982.2101.20.

Full text
Abstract:
The number of client-side attacks is increasing day-by-day. These attacks are launched by using various methods like phishing, drive-by downloads, click-frauds, social engineering, scareware, and ransomware. To get more advantage with less exertion and time, the attackers focus on the clients, rather than servers which are more secured as compared to the clients. This makes clients an easy target for the attackers on the Internet. A number of systems/tools have been created by the security community with various functions for detection of client-side attacks. The discovery of malicious servers that launch the client side attacks can be characterized in two types. First to detect malicious servers with passive detection which is often signature based. Second to detect the malicious servers with active detection often with dynamic malware analysis. Current systems or tools have more focus on identifying malicious servers rather than preventing the clients from those malicious servers. In this paper, we have proposed a solution for the detection and prevention of malicious servers that use the Bro Intrusion Detection System (IDS) and VirusTotal API 2.0. The detected malicious link is then blocked at the gateway.
48

Yin, Dan, Yiran Shen, and Chenyang Liu. "Attribute Couplet Attacks and Privacy Preservation in Social Networks." IEEE Access 5 (2017): 25295–305. http://dx.doi.org/10.1109/access.2017.2769090.

49

Lawson, Patrick, Olga Zielinska, Carl Pearson, and Christopher B. Mayhorn. "Interaction of Personality and Persuasion Tactics in Email Phishing Attacks." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 61, no. 1 (September 2017): 1331–33. http://dx.doi.org/10.1177/1541931213601815.

Full text
Abstract:
Phishing is a social engineering tactic where a malicious actor impersonates a trustworthy third party with the intention of tricking the user into divulging sensitive information. Previous social engineering research has shown an interaction between personality and the persuasion principle used. This study was conducted to investigate whether this interaction is present in the realm of email phishing. To investigate this, we used a personality inventory and an email identification task (phishing or legitimate). The emails used in the identification task utilize four of Cialdini’s persuasion principles. Our data confirms previous findings that high extroversion is predictive of increased susceptibility to phishing attacks. In addition, we identify multiple interactions between personality and specific persuasion principles. We also report the overarching efficacy of various persuasion principles on phishing email identification accuracy.
50

Ciampa, Mark, and Ray Blankenship. "Do Students and Instructors See Cybersecurity the Same? A Comparison of Perceptions About Selected Cybersecurity Topics." International Journal for Innovation Education and Research 7, no. 1 (January 31, 2019): 121–35. http://dx.doi.org/10.31686/ijier.vol7.iss1.1291.

Full text
Abstract:
Cybersecurity attacks continue to increase. This is particularly true for attacks based on social engineering or relying on the weaknesses of individuals as a means of gathering information or crafting an attack. Along with an increase in attacks there is likewise an increase in the number of calls for educating users about attacks and equipping them with the knowledge and skills for warding off attacks. Many entities advocate that institutions of higher education should be responsible for providing practical, applied security awareness instruction. This study compared student and instructor attitudes towards security to determine if there is an apathy on the part of students regarding security or if they are concerned about selected security topics, and if instructors perceive that practical, applied security instruction is a necessary component to their courses, or if security instruction belongs elsewhere. The relationship of student attitudes towards security was compared with those of instructors over six current security topics. When comparing students to instructors to students there was no significant difference between them on the topics of using anti-virus software, using a firewall, securing wireless networks, and using spam filters. The results seem to indicate that there is a significant difference between the perceptions of students and instructors regarding the security topics of protection from phishing and how to create a strong password.