THE PLACE OF SOCIAL ENGINEERING IN THE PROBLEM OF DATA LEAKS AND ORGANIZATIONAL ASPECTS OF CORPORATE ENVIRONMENT PROTECTION AGAINST FISHING E-MAIL ATTACKS

2021 ◽  
Vol 1 (13) ◽  
pp. 6-15
Author(s):  
Yuriy Yakymenko ◽  
Dmytro Rabchun ◽  
Mykhailo Zaporozhchenko

As the number and share of phishing attacks on company employees and ordinary users have tended to increase rapidly over the last two years, it is necessary to cover the issue of protection against this type of social engineering attack. Throughout the pandemic, intruders have been finding more and more new ways to cheat, so even experienced Internet users can fall victim to their scams. Because e-mail is used in almost all companies, most phishing attacks use e-mail to send malicious messages. The article discusses the main methods used by attackers to conduct phishing attacks via e-mail and the signs that a user has fallen victim to social engineers, and provides recommendations on how to increase the resilience of the corporate environment to such attacks using organizational methods. Because the user is the target of phishing attacks, and the tools built into browsers and e-mail clients in most cases do not provide reliable protection against phishing, it is the user who poses the greatest danger to the company: having fallen victim to a phishing attack, he can cause significant damage to the company through lack of competence and experience. That is why it is necessary to conduct training and periodic testing of personnel to build resistance to targeted phishing attacks. Company employees should be familiar with the signs of phishing, examples of such attacks, the principles of working with corporate data and their responsibilities. The company's management must create, and communicate to staff, regulations and instructions that describe the storage, processing, dissemination and transfer of information to third parties. Employees should also report suspicious e-mails, messages, calls, or people who have tried to obtain valuable information to the company's security service. Raising general awareness through hands-on training will reduce the number of information security incidents caused by phishing attacks.

Author(s):  
Keyur Shah

Phishing is one of the most common attacks used to extract sensitive information for malicious use. It is one of the easiest ways to extract confidential data on a large scale. A fraudulent website or e-mail that looks very similar to the original is set up to trap the victim into giving away confidential information. A large population of Internet users still lacks the knowledge to avoid phishing. When phishing attacks are complemented with social engineering skills, the success rate increases. Along with the progress of technology, phishing techniques have evolved, encroaching upon newer communication media such as voice and text messages and giving rise to newer specialized forms of phishing called vishing and SMSishing. In this paper, we also cover how to avoid being a victim of these attacks. One of the most promising methods to avoid phishing is Zero Knowledge Authentication (ZeKo), which immunizes the user against phishing attacks.


Author(s):  
Ahmed Abbasi ◽  
David Dobolyi ◽  
Anthony Vance ◽  
Fatemeh Mariam Zahedi

Phishing is a significant security concern for organizations, threatening employees and members of the public. Phishing threats against employees can lead to severe security incidents, whereas those against the public can undermine trust, satisfaction, and brand equity. At the root of the problem is the inability of Internet users to identify phishing attacks even when using anti-phishing tools. We propose the phishing funnel model (PFM), a framework for predicting user susceptibility to phishing websites. PFM incorporates user, threat, and tool-related factors to predict actions during four key stages of the phishing process: visit, browse, consider legitimate, and intention to transact. We evaluated the efficacy of PFM in a 12-month longitudinal field experiment in two organizations involving 1,278 employees and 49,373 phishing interactions. PFM significantly outperformed competing models in terms of its ability to predict user susceptibility to phishing attacks. A follow-up three-month field study revealed that employees using PFM were significantly less likely to interact with phishing threats relative to comparison models and baseline warnings. Results of a cost-benefit analysis suggest that interventions guided by PFM could reduce annual phishing-related costs by nearly $1,900 per employee relative to comparison prediction methods.


2021 ◽  
Author(s):  
Prasanta Kumar Sahoo

In this computer age, as more and more people use the Internet to carry out their day-to-day work, hackers perform various security attacks on web browsers and servers to steal users' vital data. Electronic mail (e-mail) is now used by everyone, including organizations and agencies, and is becoming the official communication medium for society as a whole on a daily basis. Even though many modern techniques, tools and prevention methods are being developed to secure users' vital information, they are still prone to security attacks by fraudsters. Phishing is one such attack, and its detection with high accuracy is one of the prominent research issues in the area of cyber security. Phishers fraudulently acquire confidential information such as user IDs, passwords, and Visa and MasterCard details through various social engineering methods. A blacklist-based methodology is mostly used for the detection of phishing attacks, but this method has the limitation that it cannot be used for the detection of white-listed phishing. This chapter aims to use machine learning algorithms to classify phishing e-mails and genuine e-mails and to help the user in detecting attacks. The architectural model proposed in this chapter identifies phishing and uses the J48 decision tree classifier to separate fake e-mail from real e-mail. The algorithm presented here goes through several stages to identify a phishing attack and greatly helps users protect their vital information.
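The chapter above classifies e-mail with features fed to a J48 decision tree, and the first abstract on this page lists the signs of phishing that staff are trained to recognise (spoofed senders, deceptive links, pressure to act). The following is an added example, not code from either paper: it extracts those signs as features from constructed sample messages (reserved example domains and a TEST-NET address, not real mail) and runs them through a small hand-written decision tree that stands in for a trained J48 model. The protected-domain list, the urgency phrases, the feature set and the tree's splits are all assumptions chosen for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the organisation owns or transacts with; attackers imitate these.
PROTECTED_DOMAINS = ("example-bank.com",)
# Assumption: pressure phrases the awareness training tells staff to watch for.
URGENCY = ("urgent", "immediately", "verify your account", "suspended", "within 24 hours")
ANCHOR_RE = re.compile(r'<a[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}$")
IP_HOST_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
AUTH_FAIL_RE = re.compile(r"\b(spf|dkim|dmarc)=(fail|softfail|permerror)", re.I)

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def edit_distance(a, b):
    # Levenshtein distance; a sender domain within 2 edits of a protected one is a look-alike
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def text_host(anchor):
    # Host the anchor text *claims* to point at, or '' if the text is not a URL or domain
    t = re.sub(r"<[^>]+>", "", anchor).strip().lower()
    if t.startswith(("http://", "https://")):
        return host_of(t)
    return t if DOMAIN_RE.match(t) else ""

def extract_features(raw):
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    from_dom = sender.rsplit("@", 1)[-1]
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    links = ANCHOR_RE.findall(text)              # list of (href, anchor text)
    hosts = [host_of(h) for h, _ in links]
    return {
        "auth_fail": bool(AUTH_FAIL_RE.search(str(msg.get("Authentication-Results", "")))),
        "reply_to_mismatch": bool(reply_to) and reply_to.rsplit("@", 1)[-1] != from_dom,
        "lookalike_sender": from_dom not in PROTECTED_DOMAINS
        and any(edit_distance(from_dom, d) <= 2 for d in PROTECTED_DOMAINS),
        "ip_url": any(IP_HOST_RE.match(h) is not None for h in hosts),
        "link_text_mismatch": any(text_host(a) and text_host(a) != host_of(h) for h, a in links),
        "link_domain_mismatch": any(h and not in_domain(h, from_dom) for h in hosts),
        "urgency": any(w in text.lower() for w in URGENCY),
    }

def classify(f):
    # Hand-written decision tree; the splits are assumed, not learned from data
    if f["auth_fail"] or f["lookalike_sender"]:      # the sender identity itself is suspect
        return "phishing"
    if f["ip_url"] or f["link_text_mismatch"]:       # the link lies about where it goes
        return "phishing"
    if f["link_domain_mismatch"]:                    # off-domain links need a second signal
        return "phishing" if f["urgency"] or f["reply_to_mismatch"] else "legitimate"
    return "legitimate"

# Constructed sample messages (not real mail)
PHISHING_MAIL = """\
From: "Example Bank Security" <alerts@example-bank.com>
Reply-To: recover@mail-example-bank.net
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example-bank.com; dkim=none
Content-Type: text/html; charset="utf-8"

<p>Unusual activity was detected. Please verify your account immediately.</p>
<p><a href="http://192.0.2.10/login">https://www.example-bank.com/login</a></p>
"""

LOOKALIKE_MAIL = """\
From: "Example Bank" <support@examp1e-bank.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=examp1e-bank.com; dkim=pass
Content-Type: text/html; charset="utf-8"

<p>We could not process your payment. <a href="https://examp1e-bank.com/confirm">Confirm details</a></p>
"""

LEGIT_MAIL = """\
From: "Example Bank" <statements@example-bank.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example-bank.com; dkim=pass
Content-Type: text/html; charset="utf-8"

<p>Your statement is ready at <a href="https://online.example-bank.com/statements">online.example-bank.com</a>.</p>
"""

if __name__ == "__main__":  # run stand-alone to see each verdict and the features that fired
    for name, mail in (("phishing", PHISHING_MAIL), ("lookalike", LOOKALIKE_MAIL), ("legit", LEGIT_MAIL)):
        f = extract_features(mail)
        print(name, classify(f), sorted(k for k, v in f.items() if v))
```

The second sample is the case a blacklist misses and a trained tree only catches if it has a feature for it: the attacker owns examp1e-bank.com, so SPF and DKIM pass and every link stays on the sender's own domain; only the look-alike check against the protected-domain list flags it, which is the same judgement the awareness training asks employees to make before they click.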


Author(s):  
Stefan Kiltz ◽  
Andreas Lang ◽  
Jana Dittmann

Adaptation and extension are necessary to apply the CERT taxonomy to malware in order to categorise the threat (e.g., Trojan horses, viruses, etc.) as a basis for countermeasures. For the adaptation of the taxonomy to include malware, a new entry in the tools section is needed (malicious software). This entry will cover the Trojan horses mentioned earlier. The proposed extension of the CERT taxonomy will include the attacker model, the vulnerability and the objectives. Within the attacker model a new entry should be added, the security scan. This type of penetration testing by security experts is similar to the work done by 'white hat' hackers. However, such penetration testing is done by contractors on request, within strict margins concerning ethics and the assessment of potential damages before such testing takes place. The objectives within the CERT taxonomy need a supplement, the security evaluation. This, of course, is the addition necessary to complement the introduction of the security scan. A very important vulnerability, social engineering, should be added to the taxonomy as well. It describes a very effective way to attack an IT system. Two types can be distinguished: social engineering with the use of computers (e.g., e-mail content, phishing) and social engineering using human-based methods (e.g., dumpster diving, impostors).


2018 ◽  
Vol 6 (1) ◽  
pp. 107-118
Author(s):  
Melissa Carlton ◽  
Yair Levy ◽  
Michelle Ramim

Advanced Persistent Threats (APTs) have been growing, with social engineering and corporate e-mail compromise reported as the two most common penetration vectors into organizational networks. Historically, users (i.e., office assistants, managers, executives) have had access to sensitive data and represent up to 95% of cybersecurity threats to organizations. This study addressed the problem of threats to organizational information systems (IS) due to vulnerabilities and breaches caused by employees. While in the past only selected employees at the organization had access to the computer networks, with the proliferation of mobile devices almost all employees and vendors/contractors have access to the organizational networks. Computer and mobile device users are one of the weakest links in the cybersecurity chain, due to their limited cybersecurity skills (CySs). Over the years, measures of the CySs of computer users were based on self-reported surveys or measured knowledge only. Prior IS and medical research found that participants view scenarios as nonintrusive and unintimidating, while providing a realistic way to assess various situations from sexual harassment to chemical hazards. Therefore, this paper discusses the validation stage of a cybersecurity threats situational assessment tool that utilizes vignettes with observable hands-on tasks to measure and quantify CySs. Discussion and future research are also presented.


2016 ◽  
Vol 18 (1) ◽  
Author(s):  
Roelof Baard ◽  
George Nel

Background: Although research shows that almost all listed companies have corporate websites with dedicated investor relations (IR) sections that enable companies to 'push' information to investors, it was argued that such an asymmetrical approach to communication is insufficient for companies wishing to exercise good IR. The purpose of this study was to test the effectiveness of the Internet to act as a mechanism to achieve more interactive communication between companies and investors.
Objectives: The objectives of the study were to measure the responsiveness, timeliness and relevance of companies' responses to e-mail requests, and to test for the determinants (size, market-to-book ratio, profitability, leverage and liquidity) thereof.
Method: The mystery investor approach and a content analysis were used to study the e-mail handling performance of companies. The associations between company-specific characteristics were statistically tested.
Results: It was found that the e-mail handling performance of companies in this study was poor compared with previous studies. Significant relationships between company size and responsiveness and relevance, and between market-to-book ratio and relevance were reported, as well as between the contact method used to request information and relevance and the use of social media and timeliness.
Conclusion: Specific areas where companies could improve their investor communications were identified. The need for further research was discussed to explain some of the relationships found, as well as those not found, in contrast to what was expected. Future research is warranted to examine the relationship between the e-mail handling performance of companies and information asymmetry and the cost of equity of companies.


2012 ◽  
Vol 16 (02) ◽  
pp. 347-377
Author(s):  
Jane Terpstra Tong ◽  
Robert H. Terpstra ◽  
Ngat Chin Lim

This case focuses on the challenges faced by a Malaysian state-owned automobile manufacturer, Proton. In so doing, it exemplifies the political context in which businesses, both domestic and foreign, operate in Malaysia. What makes Proton unique is its origin as the brainchild of Tun Dr. Mahathir bin Mohammad, Malaysia's fourth Prime Minister. Mahathir was one of the longest-serving leaders in Asia when he resigned in 2003. Over his 22-year reign, Mahathir and his government made several fundamental changes to Malaysia's institutions and his legacy is still reflected in the current social, political and economic institutions. One of the more controversial economic programs he championed was the National Car Project, under which Proton was established. When Mahathir decided to industrialise Malaysia's economy, he did not look to the west for direction, but instead turned to the east — Japan. He adopted the Japanese economic development model that emphasises hands-on government involvement in the economy. To form Proton, he selected Japanese Mitsubishi Motors as the joint venture partner and within two years Proton was rolling out its own vehicles, which in effect were the “rebadged” version of Mitsubishi's Lancer. To ensure there were customers for Proton vehicles, the government raised import tariffs, making it very expensive to buy foreign imports. It also made Proton the official supplier for almost all government passenger vehicles. Under the protection policies of Mahathir, Proton grew to dominate the domestic market. However, it was unable to succeed in obtaining the desired technology from its Japanese partner, or in developing the ability to survive independently and compete effectively, especially in the international market. Part of Proton's weakness stemmed from its social agenda, which favoured bumiputera suppliers, even at the expense of cost and quality efficiency. 
Proton therefore serves as a good example to illustrate what can happen to a business when it is over-protected, and when business decisions are not made on merit-based principles. Proton's weaknesses were further exposed when the government allowed the establishment of a second national automaker, Perodua, in 1993. The recent free-trade policies adopted by the ASEAN countries, and also by China and India, have put even more pressure on Proton to transform. But the question is how?


2018 ◽  
Vol 26 (3) ◽  
pp. 264-276 ◽  
Author(s):  
Jurjen Jansen ◽  
Paul van Schaik

Purpose: The purpose of this paper is to test protection motivation theory (PMT) in the context of fear appeal interventions to reduce the threat of phishing attacks. In addition, it was tested to what extent the model relations are equivalent across fear appeal conditions and across time.
Design/methodology/approach: A pre-test post-test design was used. In the pre-test, 1,201 internet users filled out an online survey and were presented with one of three fear appeal conditions: strong fear appeal, weak fear appeal and control condition. Arguments regarding vulnerability to phishing attacks and response efficacy of vigilant online information-sharing behaviour were manipulated in the fear appeals. In the post-test, data were collected from 786 internet users and analysed with partial least squares path modelling.
Findings: The study found that PMT model relations hold in the domain of phishing. Self-efficacy and fear were the most important predictors of protection motivation. In general, the model results were equivalent across conditions and across time.
Practical implications: It is important to consider online information-sharing behaviour because it facilitates the occurrence and success of phishing attacks. The results give practitioners more insight into important factors to address in the design of preventative measures to reduce the success of phishing attacks. Future research is needed to test how fear appeals work in real-world settings and over longer periods.
Originality/value: This paper is a substantial adaptation of a previous conference paper (Jansen and Van Schaik, 2017a, b).


2020 ◽  
Author(s):  
Asumi Takahashi ◽  
Hajime Sueki ◽  
Jiro Ito

Online gatekeeping is a psychological consultation service in which e-mails are sent to Internet users who are at risk of suicide. This research aimed to clarify the relation between the continuation rate of the service and the speed of response to the user's first-contact e-mails. We analyzed 290 initial e-mails that arrived at [author's institution], the specified nonprofit corporation of the study. The reply speed for e-mails arriving during the day was related to consultation continuation: responses sent within 12 hours and after more than 12 hours produced continuation rates of approximately 70% and 44%, respectively. Hence, systems that enable consultants to respond to first-contact e-mails within 12 hours are important for consultation to commence.


2019 ◽  
Vol 3 (3) ◽  
pp. 167
Author(s):  
Ronal Watrianthos ◽  
Ibnu Rasyid Munthe ◽  
Rahma Muti’ah

Along with the rapid development of Social Networking Sites (SNS), social media has recently become a lifestyle for many people around the world, including in Indonesia. Data from January 2018 showed that, of 132.7 million Internet users in Indonesia, almost all (131 million), up 23% from the 2017 figure, were Facebook users, with the 18-24 age group dominant, 35% of whom were the most active users. The rapid annual growth of Facebook users in Indonesia, especially among school and college students, encourages researchers to conduct many empirical studies of Facebook use among students. There is a tendency for continuous Facebook use to create FAD effects (Facebook Addiction Disorder) among students, which can affect the spirit of learning. This study also discusses what the motivation for using Facebook is and examines the potential for FAD to occur. In this study, an online survey of 375 student respondents in Labuhanbatu District was conducted. To explore respondents' motives for using Facebook, respondents were given questions divided into the following five motives: social interaction, leisure time, entertainment, friends, and communication. To look for potential addiction, respondents were given questions using the Bergen Facebook Addiction (BFAD) scale. To find a connection between the motives for using Facebook and Facebook addiction, the data were tested by analysis of variance (ANOVA) and partial tests using SPSS software. The results showed that 65.8% of participants were at a moderate level, 20.3% at a low level, and only 13.9% at a high level, while the most significant motives affecting respondents' use of Facebook were filling time and communicating.

