Interaction of Personality and Persuasion Tactics in Email Phishing Attacks

Author(s): Patrick Lawson, Olga Zielinska, Carl Pearson, Christopher B. Mayhorn

Phishing is a social engineering tactic where a malicious actor impersonates a trustworthy third party with the intention of tricking the user into divulging sensitive information. Previous social engineering research has shown an interaction between personality and the persuasion principle used. This study was conducted to investigate whether this interaction is present in the realm of email phishing. To investigate this, we used a personality inventory and an email identification task (phishing or legitimate). The emails used in the identification task utilize four of Cialdini’s persuasion principles. Our data confirms previous findings that high extroversion is predictive of increased susceptibility to phishing attacks. In addition, we identify multiple interactions between personality and specific persuasion principles. We also report the overarching efficacy of various persuasion principles on phishing email identification accuracy.

Author(s): Keyur Shah

Phishing is one of the most common attacks used to extract sensitive information for malicious use. It is one of the easiest ways to extract confidential data on a large scale. A fraudulent website or e-mail that looks very similar to the original is set up to trap the victim into giving away confidential information. A large population of internet users still lacks the knowledge to avoid phishing. When phishing attacks are complemented with social engineering skills, the success rate increases. Along with the progress of technology, phishing techniques have evolved, encroaching upon newer communication mediums like voice and text messages and giving rise to newer specialized forms of phishing called Vishing and SMSishing. In this paper, we also cover how to avoid being a victim of these attacks. One of the most promising methods to avoid phishing is Zero Knowledge Authentication (ZeKo), which immunizes the user against phishing attacks.


2018, Vol 7 (3.4), pp. 42
Author(s): Eric Abraham Kalloor, Dr Manoj Kumar Mishra, Prof. Joy Paulose

A phishing attack is one of the most common forms of attack used to get unauthorized access to users’ credentials or any other sensitive information. It is classified as a social engineering attack, which means it is not a technical vulnerability. The attacker exploits the human tendency to make mistakes by fooling the user into thinking that a given web page is genuine and submitting confidential data into an embedded form, which is harvested by the attacker. A phishing page is often an exact replica of the legitimate page; the only noticeable difference is the URL. Normal users do not pay close attention to the URL every time, hence they are exploited by the attacker. This paper suggests a login framework which can be used independently or along with a browser extension which will act as a line of defense against such phishing attacks. The semi-automated login mechanism suggested in this paper eliminates the need for the user to be alert at all times, and it also provides a personalized login screen so that the user can distinguish between a genuine and a fake login page quite easily.


2020, Vol 63 (7), pp. 2054-2069
Author(s): Brandon Merritt, Tessa Bent

Purpose: The purpose of this study was to investigate how speech naturalness relates to masculinity–femininity and gender identification (accuracy and reaction time) for cisgender male and female speakers as well as transmasculine and transfeminine speakers. Method: Stimuli included spontaneous speech samples from 20 speakers who are transgender (10 transmasculine and 10 transfeminine) and 20 speakers who are cisgender (10 male and 10 female). Fifty-two listeners completed three tasks: a two-alternative forced-choice gender identification task, a speech naturalness rating task, and a masculinity/femininity rating task. Results: Transfeminine and transmasculine speakers were rated as significantly less natural sounding than cisgender speakers. Speakers rated as less natural took longer to identify and were identified less accurately in the gender identification task; furthermore, they were rated as less prototypically masculine/feminine. Conclusions: Perceptual speech naturalness for both transfeminine and transmasculine speakers is strongly associated with gender cues in spontaneous speech. Training to align a speaker's voice with their gender identity may concurrently improve perceptual speech naturalness. Supplemental Material: https://doi.org/10.23641/asha.12543158


Author(s): Brad J. Sagarin, Mary Lynn Miller Henningsen

This chapter reviews research on resistance to influence, active or passive processes that reduce the impact of a potential source of social influence. This chapter begins with a discussion of the antecedents of resistance: characteristics of the influence target (strong attitudes, demographics, and personality), perceived aspects of the influence attempt (manipulative intent, threats to freedoms), or counterinfluence messages from a third party (forewarning, inoculation, stealing thunder, the poison parasite defense, resistance to social engineering) that motivate resistance. The chapter proceeds to a discussion of internal mechanisms of resistance (counterarguing, bolstering initial attitudes, derogating the source, attributing negative affect to the message or source, attempting to correct for bias) and external mechanisms of resistance (interpersonal strategies of communicating resistance and issuing refusals) and concludes with a discussion of the consequences of resistance for attitudes and relationships.


2013, Vol 3 (2), pp. 58-70
Author(s): B. Dawn Medlin

Due to the Internet and applications that can access the Internet, healthcare employees can benefit from the ability to view patient data almost anywhere and at any time. Data and information are also being shared among third-party vendors, partners and suppliers. With this type of accessibility of information, which generally does include very personal information such as diagnoses and social security numbers, data can easily be obtained either through social engineering techniques or weak password usage. In this paper, a presentation of social engineering techniques is explored as well as the password practices of actual health care workers.


2019, Vol 11 (4), pp. 89
Author(s): Fatima Salahdine, Naima Kaabouch

The advancements in digital communication technology have made communication between humans more accessible and instant. However, personal and sensitive information may be available online through social networks and online services that lack the security measures to protect this information. Communication systems are vulnerable and can easily be penetrated by malicious users through social engineering attacks. These attacks aim at tricking individuals or enterprises into accomplishing actions that benefit attackers or providing them with sensitive data such as social security numbers, health records, and passwords. Social engineering is one of the biggest challenges facing network security because it exploits the natural human tendency to trust. This paper provides an in-depth survey of social engineering attacks, their classifications, detection strategies, and prevention procedures.


2015, Vol 23 (3), pp. 333-346
Author(s): Swapan Purkait

Purpose – This paper aims to report on research that tests the effectiveness of anti-phishing tools in detecting phishing attacks by conducting some real-time experiments using freshly hosted phishing sites. Almost all modern-day Web browsers and antivirus programs provide security indicators to mitigate the widespread problem of phishing on the Internet. Design/methodology/approach – The current work examines and evaluates the effectiveness of five popular Web browsers, two third-party phishing toolbar add-ons and seven popular antivirus programs in terms of their capability to detect locally hosted spoofed websites. The same tools have also been tested against fresh phishing sites hosted on the Internet. Findings – The experiments yielded alarming results. Although the success rate against live phishing sites was encouraging, only 3 of the 14 tools tested could successfully detect a single spoofed website hosted locally. Originality/value – This work proposes the inclusion of domain name system server authentication and verification of name servers for a visiting website for all future anti-phishing toolbars. It also proposes that a Web browser should maintain a white list of websites that engage in online monetary transactions so that when a user needs to access any of these, the default protocol should always be HTTPS (Hypertext Transfer Protocol Secure), without which a Web browser should prevent the page from loading.


2019
Author(s): Anindya Kumar Biswas, Mou Dasgupta

The study, coding and experimental results of secret sharing schemes (SSS), along with a proposed method, are presented in this book. Secret sharing is very important and essential in any security application, because none of the security techniques can be developed without pre-negotiation of security keys or values. For instance, different key exchange protocols are used in IPSec/SSL for pre-establishment of secret keys. Also, for symmetric encryption, which is much faster than public-key encryption, a mutually known pre-secret value is used for encryption and decryption of sensitive information to be exchanged between entities. In 1979, a perfect 𝑡/𝑛 threshold SSS was introduced by Shamir, where 1 < 𝑡 ≤ 𝑛 and any group with 𝑡 or more participants can reconstruct the secret selected by a trusted third party (TTP) known as the Dealer 𝐷; however, any group with fewer than 𝑡 participants cannot get the secret. This scheme is perfectly secure; however, it has a flaw: one or at most 𝑡 − 1 dishonest participants can exchange fake shares (instead of their own genuine shares as received secretly from 𝐷) with other group members and obtain the correct secret only for themselves. This was first noticed and shown by Tompa in 1998, who proposed a simple method for reducing the cheating probability. In his method, a prime parameter 𝑝 ≥ 𝑚𝑎𝑥{(𝑠 − 1)(𝑡 − 1)/ɛ + 𝑡, 𝑛} is taken such that if cheating occurs, then the secret reconstructed would be outside the secret set 𝑠 = {0, 1, 2, …, 𝑠 − 1} considered. Here ɛ > 0 is a very small number. In this thrilling work, we develop algorithms and coding in Python for Shamir’s SSS, Tompa’s cheating and Harn-Lin’s SSS for detection of cheating. Some experimental results for each of them are also presented for better understanding of Shamir’s method and cheating prevention. We also present an improvement over the method proposed by Harn-Lin in areas of cheating detection.


Author(s): Alvaro J. Rojas Arciniegas, Harrison M. Kim

Multiple factors affect the decisions of selecting the appropriate components to share in product family design. Some of the challenges that the designers face are maintaining uniqueness and the desired performance in each variant while taking advantage of a common structure. In this paper, the sharing decision-making process is analyzed for the case when a firm knows a priori that some of the components contain sensitive information that could be exposed to the user, third-party manufacturers, or undesired agents; thence, it is important to enclose it and protect it. Two important aspects to consider are defining the architecture of the product while protecting the sensitive information. This paper proposes tools to help the designers identify components that are candidates for sharing among the family and find the most desirable component arrangement that facilitates sharing while protecting the sensitive information that has been previously identified. The proposed framework is applied to three printers in which the architectures used for the ink cartridges and printheads are significantly different. Third-party manufacturers and remanufacturers offer their own alternatives for these subsystems (ink cartridges and printheads) since the customer for printer supplies is always looking for a cheaper alternative; meanwhile, the OEMs attempt to secure their products and retain their customers with original supplies. Having identified the sensitive components for each printer, the optimal clustering strategy is found, as well as the set of components that are candidates for sharing, according to their connectivity and the security considerations.

