Improving Awareness of Social Engineering Attacks
نویسندگان
چکیده
Social engineering is a method of attack involving the exploitation of human weakness, gullibility and ignorance. Although related techniques have existed for some time, current awareness of social engineering and its many guises is relatively low and efforts are therefore required to improve the protection of the user community. This paper begins by examining the problems posed by social engineering, and outlining some of the previous efforts that have been made to address the threat. This leads toward the discussion of a new awareness-raising website that has been specifically designed to aid users in understanding and avoiding the risks. Findings from an experimental trial involving 46 participants are used to illustrate that the system served to increase users’ understanding of threat concepts, as well as providing an engaging environment in which they would be likely to persevere with their learning.
منابع مشابه
A Systematic Gap Analysis of Social Engineering Defence Mechanisms Considering Social Psychology
Social engineering is the acquisition of information about computer systems by methods that deeply include non-technical means. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii) can be used by anyone, (iii) is cheap. Tradition...
متن کاملThe Design and Evaluation of an Interactive Social Engineering Training Programme
Social engineering is a major issue affecting organisational security. Educating employees on how to avoid social engineering attacks is important because social engineering tries to penetrate an organisation by using employees to grant authorized access to sensitive information. While there are a number of theoretical studies about social engineering, a few practical studies have moved towards...
متن کاملSocial Engineering in the Context of Cialdini's Psychology of Persuasion and Personality Traits
This thesis shows that social engineering mainly relies on peripheral route persuasion and that consequently, Cialdini’s principles of influence can be used to explain how social engineering attacks work. It is further shown by a comprehensive literature review that individual values of personality traits relate to social engineering susceptibility. Based on these arguments, a framework is prop...
متن کاملExperimental Case Studies for Investigating E-Banking Phishing Intelligent Techniques and Attack Strategies
Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical...
متن کاملA Typology Of Social Engineering Attacks - An Information Science Perspective
Hackers are increasingly exploiting the social movement on the Internet, which is responsible for domestication of the web and its associated technologies, by using novel methods of online social engineering. However, there is not enough support in the form of published research that can help us gain a holistic understanding of human vulnerabilities that are central to online social engineering...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009