You Are Probably Not the Weakest Link: Towards Practical Prediction of Susceptibility to Semantic Social Engineering Attacks

Social engineering refers to the practice of manipulating people to divulge confidential information that can then be used to compromise an information system. In many cases, people, not technology, form the weakest link in the security of an information system. This chapter discusses the problem of social engineering and then examines new social engineering threats that arise as voice, data, and video networks converge. In particular, converged networks give the social engineer multiple channels of attack to influence a user and compromise a system. On the other hand, these networks also support new tools that can help combat social engineering. However, no tool can substitute for educational efforts that make users aware of the problem of social engineering and policies that must be followed to prevent social engineering from occurring.

Download Full-text

Detecting semantic social engineering attacks with the weakest link: Implementation and empirical evaluation of a human-as-a-security-sensor framework

Computers & Security ◽

10.1016/j.cose.2018.02.020 ◽

2018 ◽

Vol 76 ◽

pp. 101-127 ◽

Cited By ~ 18

Author(s):

Ryan Heartfield ◽

George Loukas

Keyword(s):

Empirical Evaluation ◽

Social Engineering ◽

Weakest Link

Download Full-text

Targeting the Weakest Link: Social Engineering Attacks in Ethereum Smart Contracts

Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security ◽

10.1145/3433210.3453085 ◽

2021 ◽

Author(s):

Nikolay Ivanov ◽

Jianzhi Lou ◽

Ting Chen ◽

Jin Li ◽

Qiben Yan

Keyword(s):

Social Engineering ◽

Smart Contracts ◽

Weakest Link

Download Full-text

The Unprecedented Rise in Cybercrime and the Role of the Human Vulnerability Factor

Ethical Hacking Techniques and Countermeasures for Cybercrime Prevention - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-6504-9.ch003 ◽

2021 ◽

pp. 32-43

Author(s):

Nabie Y. Conteh ◽

Malcolm D. Royer

Keyword(s):

Social Engineering ◽

Cyber Attacks ◽

Human Vulnerability ◽

Vulnerability Factor ◽

Preventative Measures ◽

Weakest Link ◽

Network Intrusion ◽

The Social ◽

Shed Light

This chapter is primarily intended to firstly define and review the literature in cybersecurity and vividly shed light on the mechanisms involved in the social engineering phenomenon. It will discuss the various attempts at network intrusion and the steps typically taken in the implementation of cyber-thefts. The chapter will provide the rationale behind the justification of why humans are considered to be the weakest link in these attacks. The study will also explain the reasons for the rise in cybercrimes and their impact on organizations. In closing, the chapter will put forward some recommendations to serve as preventative measures and solutions to the threats and vulnerabilities posed by cyber-attacks. Finally, measures, such as conducting regular, thorough, and relevant awareness training, frequent drills, and realistic tests, will be addressed with a view to maintaining a steady focus on the overall discipline of the organization, thereby hardening the component of the network that is the softest by nature—the human vulnerability factor.

Download Full-text

Social Engineering in Information Security Breaches and the Factors That Explain Its Success

Handbook of Research on Information and Cyber Security in the Fourth Industrial Revolution - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-4763-1.ch001 ◽

2018 ◽

pp. 1-26

Author(s):

Jhaharha Lackram ◽

Indira Padayachee

Keyword(s):

Information Security ◽

Human Behavior ◽

Social Engineering ◽

Information Security Awareness ◽

Security Breaches ◽

Weakest Link ◽

Information Assets ◽

Security Awareness Training ◽

Gain Access

Social engineering refers to the art of using deception and manipulating individuals to gain access to systems or information assets and subsequently compromising these systems and information assets. Information security must provide protection to the confidentiality, integrity, and availability of information. In order to mitigate information security's weakest link, it becomes necessary to understand the ways in which human behavior can be exploited via social engineering. This chapter will seek to analyze the role of social engineering in information security breaches and the factors that contribute to its success. A variety of social engineering attacks, impacts, and mitigations will be discussed. Human factors such as trust, obedience, and fear are easily exploited, thereby allowing social engineers to execute successful attacks. However, with effective countermeasures such as information security awareness training, education, and audit procedures, the impacts of social engineering can be decreased or eliminated altogether.

Download Full-text

Effects of Digital Convergence on Social Engineering Attack Channels

Social and Human Elements of Information Security ◽

10.4018/978-1-60566-036-3.ch009 ◽

2010 ◽

pp. 133-147

Author(s):

Bogdan Hoanca

Keyword(s):

Information System ◽

Social Engineering ◽

The Other ◽

Multiple Channels ◽

Confidential Information ◽

Weakest Link ◽

Digital Convergence ◽

The Social ◽

Voice Data ◽

Social Engineer

Social engineering refers to the practice of manipulating people to divulge confidential information that can then be used to compromise an information system. In many cases, people, not technology, form the weakest link in the security of an information system. This chapter discusses the problem of social engineering and then examines new social engineering threats that arise as voice, data, and video networks converge. In particular, converged networks give the social engineer multiple channels of attack to influence a user and compromise a system. On the other hand, these networks also support new tools that can help combat social engineering. However, no tool can substitute for educational efforts that make users aware of the problem of social engineering and policies that must be followed to prevent social engineering from occurring.

Download Full-text

Effects of Digital Convergence on Social Engineering Attack Channels

Networking and Telecommunications ◽

10.4018/978-1-60566-986-1.ch082 ◽

2010 ◽

pp. 1282-1296

Author(s):

Bogdan Hoanca

Keyword(s):

Information System ◽

Social Engineering ◽

The Other ◽

Multiple Channels ◽

Confidential Information ◽

Weakest Link ◽

Digital Convergence ◽

The Social ◽

Voice Data ◽

Social Engineer

Social engineering refers to the practice of manipulating people to divulge confidential information that can then be used to compromise an information system. In many cases, people, not technology, form the weakest link in the security of an information system. This chapter discusses the problem of social engineering and then examines new social engineering threats that arise as voice, data, and video networks converge. In particular, converged networks give the social engineer multiple channels of attack to influence a user and compromise a system. On the other hand, these networks also support new tools that can help combat social engineering. However, no tool can substitute for educational efforts that make users aware of the problem of social engineering and policies that must be followed to prevent social engineering from occurring.

Download Full-text