The Impact of Social Engineer Attack Phases on Improved Security Countermeasures

The objective of this paper is to examine a model to identify Social Engineer Attack Phases to improve the security countermeasures by Social-Engineer Involvement. A questionnaire was developed and distributed to a sample of 243 respondents who were actively engaged in 3 Jordanian telecommunication companies. All hypotheses were tested using (PLS-SEM). The results of the study indicate that Social Engineer Attack Phases (Identification the potential target, Target Recognition, Decision approach, and Execution) have a partially mediate and significant impact on improving the security countermeasures by Social-Engineer Involvement. On the other hand, the Social Engineer Attack Phases (Information Aggregations, Analysis and Interpretation, Armament, and Influencing) have a fully mediate and significant impact on improving the security countermeasures by Social-Engineer Involvement. The findings of this study help to provide deep insight to help security professionals prepare better and implement the right and appropriate countermeasures, whether technical or soft measures.

Social-Engineer 'Civil Servants' Historical Development & Common Law Perspective

Civil services in India are modeled upon the pattern of Britain. Still there are some important defenses between the law relating to civil servants in England and India. The expression civil post has been subject of judicial interpretation. The safeguard to Govt. servants in India has been provided in Indian constitution under Article and fundamental rights against doctrine of pleasure enumerated in Article 3l0. The doctrine pleasure is originated from English law through East India Company when British directly took over the command of India from East India Company. The doctrine of pleasure was prerogative of king in England. Which means govt. servants used to hold office during the pleasure of king or crown and his services could be terminated at any stage with giving him opportunity unless provided in statute. The crown was not bound by the terms and conditions of employment and terms of contract. It was considered that, king can do no wrong. There were direct relation between crown and its servants and the crown was empowered to terminate the services of its servant without affording them opportunity of hearing or without pay them any retrenchment compensation, pension benefits, damages for wrongful termination or any other relief which are applicable in present era.

Social-Engineer 'Civil Servants' Historical Development & Common Law Perspective

Civil services in India are modeled upon the pattern of Britain. Still there are some important defenses between the law relating to civil servants in England and India. The expression civil post has been subject of judicial interpretation. The safeguard to Govt. servants in India has been provided in Indian constitution under Article and fundamental rights against doctrine of pleasure enumerated in Article 3l0. The doctrine pleasure is originated from English law through East India Company when British directly took over the command of India from East India Company. The doctrine of pleasure was prerogative of king in England. Which means govt. servants used to hold office during the pleasure of king or crown and his services could be terminated at any stage with giving him opportunity unless provided in statute. The crown was not bound by the terms and conditions of employment and terms of contract. It was considered that, king can do no wrong. There were direct relation between crown and its servants and the crown was empowered to terminate the services of its servant without affording them opportunity of hearing or without pay them any retrenchment compensation, pension benefits, damages for wrongful termination or any other relief which are applicable in present era.

MODEL OF VULNERABILITIES ANALYSIS OF SOCIO-TECHNICAL SYSTEMS TO THE SOCIAL ENGINEERING INFLUENCES

Socio-technical systems as education with technical and social subsystems are considered. The directions for ensuring their safety have been established and among them the use of technical capabilities has been singled out, taking into account user behavior. Attention is paid to their vulnerabilities to the realisability of sociotechnical threats, in particular, the influence of social engineering. The orientation of such an influence on the manipulation of weaknesses, needs, mania (passions), user hobbies is shown. This leads to the insolvency of socio-technical systems to counteract the influence of social engineering. This can be prevented by analyzing the user's vulnerabilities regarding the forms of manipulation of their consciousness. The approaches to counteracting the use of social engineering are compared. For each of them, the application features, advantages, and disadvantages are analyzed. Given this, it is proposed to use fuzzy directed social graphs to set a model for analyzing the vulnerabilities of socio-technical systems. This was preceded by the definition of the concepts of the social network, actor, relationships. This view allows us to take into account the characteristics of the social engineering influence. In particular, the numbers of input and output arcs distinguish varieties of actors from the social engineer, user, manipulative form, vulnerability. While the importance of each of them is determined using the characteristics of centrality and prestige. At the same time, the levels of the actor, dyad, and the triad of vulnerabilities analysis of socio-technical systems to the effects of social engineering are highlighted. This will make it possible to determine the ways of such impacts taking into account the peculiarities of their realizability through user vulnerabilities and, as a result, to counteract them. In further research, it is planned to develop a method for analyzing the vulnerability of socio-technical systems to the impacts of social engineering based on the proposed model.

Social engineering in the context of ensuring information security

The paper presents the main key features of social engineering and a social engineer activity. Emphasis is placed on the study of social engineering techniques in the system of human-machine interaction used to implement the illegal (malicious) manipulation of human behavior patterns. The matrix of social engineering qualification criteria and the map of information security risks caused by social engineer actions were built.

Threat Language: Cognitive Exploitation in Social Engineering

A social engineering aims to elicit sensitive information by using various manipulation approach to exploit the victim. The increasing of social communication platform such as email, messenger, facebook, linkedin, researchgate, combined with the social psychology and cognitive linguistics become a new weapon to attack either personal or even institutional targets. This paper explores the language used by the attacker to expose psychological threat to elicit sensitive information and to direct the victim to execute the certain action. The data are taken from emails which contain threat language. This paper illustrates how an attacker uses threat language to perform social engineering. The analysis is based on social engineering attack classification (Mouton, 2016) and cognitive pragmatics (Bara, 2010). The result shows rather than using persuasive approach, the attacker uses the threat to exploit cognitive process in thinking and decision making. Moreover the research also found pattern of a social engineer email: warning, threat, and enhancement.