Performing social engineering: A qualitative study of information security deceptions

2021, pp. 106930
Author(s): Kevin F. Steinmetz, Alexandra Pimentel, W. Richard Goe

2021, pp. 97-107
Author(s): T. V. Tulupieva, M. V. Abramov, A. L. Tulupiev

The purpose of this study is to study the modernization of the model of an attacker’s social engineering attack on a user, taking into account a wider range of factors influencing the success of a social engineering attack associated with the principles of social influence. Methods. To achieve this goal, the approaches to social influence and the components of social influence were analyzed. An integrated circuit of social influence is built, grounding in the context of socio-engineering attacks. Results. A model of social influence is proposed, built in the context of an attacker’s social engineering attack on a user. A new interpretation of the term user vulnerability in the context of information security has been proposed. Conclusion. The result obtained forms the potential of filling the user and attacker models with specific vulnerabilities and competencies, which will lead to a more accurate assessment of the success of the attacker’s social engineering attack on the user, due to the aggregation of information from incidents that have occurred.


2021, Vol 17 (1), pp. 150-166
Author(s): Andrei L. LOMAKIN, Evgenii Yu. KHRUSTALEV, Gleb A. KOSTYURIN

Subject. As the socio-economic relationships are getting digitalized so quickly, the society faces more and more instances of cybercrime. To effectively prevent arising threats to personal information security, it is necessary to know key social engineering methods and security activities to mitigate consequences of emerging threats. Objectives. We herein analyze and detect arising information security threats associated with social engineering. We set forth basic guidelines for preventing threats and improving the personal security from social engineering approaches. Methods. The study relies upon methods of systems analysis, synthesis, analogy and generalization. Results. We determined the most frequent instances associated with social engineering, which cause personal information security threats and possible implications. The article outlines guidelines for improving the personal security from social engineering approaches as an information security threat. Conclusions and Relevance. To make information security threats associated with social engineering less probable, there should be a comprehensive approach implying two strategies. First, the information security protection should be technologically improved, fitted with various data protection, antivirus, anti-phishing software. Second, people should be more aware of information security issues. Raising the public awareness, the government, heads of various departments, top executives of public and private organizations should set an integrated training system for people, civil servants, employees to proliferate the knowledge of information security basics.


2015, Vol 23 (2), pp. 178-199
Author(s): Waldo Rocha Flores, Hannes Holm, Marcus Nohlberg, Mathias Ekstedt

Purpose – The purpose of the study was twofold: to investigate the correlation between a sample of personal psychological and demographic factors and resistance to phishing; and to investigate if national culture moderates the strength of these correlations. Design/methodology/approach – To measure potential determinants, a survey was distributed to 2,099 employees of nine organizations in Sweden, USA and India. Then, the authors conducted unannounced phishing exercises, in which a phishing attack targeted the same sample. Findings – Intention to resist social engineering, general information security awareness, formal IS training and computer experience were identified to have a positive significant correlation to phishing resilience. Furthermore, the results showed that the correlation between phishing determinants and employees’ observed phishing behavior differs between Swedish, US and Indian employees in 6 out of 15 cases. Research limitations/implications – The identified determinants had, even though not strong, a significant positive correlation. This suggests that more work needs to be done to more fully understand determinants of phishing. The study assumes that culture effects apply to all individuals in a nation. However, differences based on cultures might exist based on firm characteristics within a country. The Swedish sample is dominating, while only 40 responses from Indian employees were collected. This unequal size of samples suggests that conclusions based on the results from the cultural analysis should be drawn cautiously. A natural continuation of the research is therefore to further explore the generalizability of the findings by collecting data from other nations with similar cultures as Sweden, USA and India. Originality/value – Using direct observations of employees’ security behaviors has rarely been used in previous research. Furthermore, analyzing potential differences in theoretical models based on national culture is an understudied topic in the behavioral information security field. This paper addresses both these issues.


Author(s): H. Yarovenko

Over the past decade, there has been an increase in the volume of cybercrime in various spheres of life at the level of the state, economic agents, and individuals. Therefore, the issues of studying the processes of forming information security and identifying the impact on its effectiveness are becoming topical. The aim of this study is to prove the hypothesis that the behaviour of the population associated with the use of personal security measures and the formation of the corresponding consequences of incidents occurs under the influence of the level of economic development of the country. This was done using k-means cluster analysis via the Deductor Academic analytical platform and based on data from a survey conducted among respondents from EU countries. Analysis of the responses showed that there is a growing trend in the use of online banking and e-commerce services; there is an increase in the number of respondents who have become victims of cybercrimes, especially social engineering; the trend towards the use of reliable personal security equipment is declining. The results of the cluster analysis, for which data on the number of respondents who are victims of cybercrimes and the number of respondents using various personal security tools were used, made it possible to form 7 clusters of countries. Analysis of GDP per capita for the obtained clusters and visualization of the map of countries allowed us to confirm the hypothesis, but it was also determined that the dependence of the use of personal security measures and the consequences of cybercrimes is also influenced by the mental characteristics of countries formed due to the close territorial location of neighboring countries. The results obtained will be of practical importance for the development of the concept of information security and economic development of the state. They can be used to determine which sets of protection are appropriate for the income level of the population. Priority areas for further research are to determine the influence of other factors on the formation of the country's information security and the formation of a barycentric model of their measurements to ensure sustainable economic development of the state.


2020, Vol 6 (2), pp. 205630512091399
Author(s): Jeremy Birnholtz, Shruta Rawat, Richa Vashista, Dicky Baruah, Alpana Dange, ...

Some social technologies can reduce marginality by enabling access to individuals and resources through increased visibility and opportunities for social connection, but visibility carries risks that may be outsized for some marginalized populations. This article reports on a study of location-based social apps (LBSA) used by men who have sex with men (MSM) in Mumbai, India, a legally and socially marginalized population. LBSAs, which facilitate interaction and social connection between physically proximate individuals would seem at first to be a valuable resource in reducing marginality for MSM by connecting otherwise isolated individuals with each other. We explored this from a socio-technical perspective through a qualitative study of MSM in Mumbai, India, who use LBSAs. Results suggest that, as in other contexts, using LBSAs presented formidable risks and challenges such as information security and identification by others, but also could serve as a valuable resource for connecting MSM to each other.


2021, Vol 12 (2)
Author(s): Liudmila Sanina, Oksana Chepinoga, Elina Rzhepka, Oleg Palkin

The growing interest in researching the topic of defining the essence of social engineering as a threat to economic security is due to the increasing complexity of the information and technical components of the life of modern society. At the same time, with the complication of all processes existing in society, information threats are becoming more complex and increasing. Information threats arising from the outside have the ability to penetrate the most protected systems of organizations of various levels, realizing the goals of the subjects of hacking. The situation is getting more complicated every year also because, as a rule, the goals of such incursions into the sphere of information security are extremely destructive. In the course of the study, we analyzed six methods of social engineering combining fraudulent schemes of different levels of complexity, which are currently used in a destructive manner and negatively affect economic security. The scale of information leaks in the financial sector in 2019–2020 is illustrated by data type, intent, culprit, and type of incident. We found that social engineering methods are adaptive, they change in accordance with fluid environmental conditions, and therefore, security personnel need to stay up-to-date on current methods and schemes to prevent hacking activities.

