Your search keyword '"SOCIAL engineering (Fraud)"' showing total 62 results

1. HOW DO YOU KNOW IF YOU'VE BEEN.

Author

Rawlinson, Nik

Subjects

COMPUTER passwords, SOCIAL engineering (Fraud), COMPUTER network traffic, COMPUTER security

Abstract

This article from Maximum PC discusses the signs of a cyberattack and provides recommendations for identifying and resolving attacks quickly. It emphasizes that cyberattacks are often discreet and do not come with obvious signs like in movies. The article suggests taking preventive measures such as using strong passwords, enabling two-factor authentication, and keeping devices updated. It also discusses the use of SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) systems to detect and respond to intrusions. The article concludes by emphasizing the importance of being prepared and having a plan of response in case of an attack. [Extracted from the article]

Published

2024

2. User Susceptibility to Malicious Push Notifications in Augmented Reality at the Workplace.

Author

KATZ, SARAH

Subjects

AUGMENTED reality, SOCIAL engineering (Fraud), COMPUTER security, SOCIAL media, INFORMATION technology security, DIGITAL technology

Abstract

The article presents the discussion on digital environment when immersed users become distracted by an AR interface. Topics include access social media and other websites on their personal smartphones at work or use an office network to visit these platforms; and potential oversight could risk users engaging with notifications designed for social engineering or espionage.

Published

2024

3. Social engineering: Methodologies to counter computer attacks on the web. Case: Barrio 26 de Septiembre, Portoviejo, Ecuador.

Author

Meza, Jonathan, Cedeño, Emilio, Zambrano, Michelle, Zambrano, Walter, and Zambrano, David

Subjects

*SOCIAL engineering (Fraud), *CYBERTERRORISM, *PERSONAL computers, *COMPUTER security, *IDENTITY theft

Abstract

Social Engineering refers to the set of activities that have the objective of manipulating human beings through deception with the sole purpose of obtaining private access or confidential information from the same people, companies. This study aims to determine in Social engineering, methodologies to counter computer attacks on the web in the Barrio 26 de Septiembre, Portoviejo, Ecuador. With the research carried out and what is currently experienced, it can be said that it is increasingly common to be a victim of computer attacks by Social Engineering, which is characterized by studying the exploitation of user trust to extract confidential information, The purpose of these techniques is to achieve the infiltration of people into organizations, homes, or any other place; also identity theft through deception, in order to seize information or data at your convenience. This research shows its importance within the branch of computer security, it is raised through a systematic review on Social Engineering. For the elaboration of this work, a Quantitative, Analytical, Descriptive and Bibliographical methodology was chosen; For the collection of information, a survey was applied to residents of the 26 de Septiembre neighborhood to find out what knowledge they have regarding Social Engineering, taking into consideration various aspects, such as: management of credentials, types of portals or applications that they use, information that is requested the most on web pages, configuration of smart equipment (laptops, mobile devices and desktop computers). As a result, it was possible to know that the majority of the people surveyed are unaware of Social Engineering techniques, therefore, they do not know what to do and how to act in case of an attack, therefore, a list with preventive methodologies that allow the user to identify malicious computer attacks. In conclusion, it was established that the methodologies that allow to mitigate and counteract computer attacks have to do with the development of security policies and plans, computer security training, Backup's or Security Copies of personal information, a correct authentication of the information when entering a website, as well as the periodic update of devices. [ABSTRACT FROM AUTHOR]

Published

2024

4. HOW DO YOU KNOW IF YOU’VE BEEN HACKED?

Subjects

COMPUTER passwords, COMPUTER hacking, SOCIAL engineering (Fraud), COMPUTER network traffic, COMPUTER security

Abstract

This article discusses the signs of a cyberattack and provides recommendations for identifying and resolving attacks quickly. It emphasizes that modern attacks are often discreet and aim to use compromised systems for various purposes, such as mining cryptocurrency or launching anonymous attacks. The article suggests measures to prevent attacks, including strengthening passwords, using two-factor authentication, and keeping devices patched and updated. It also explains the importance of implementing SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) systems to detect and respond to intrusions. The article concludes by highlighting the need for preparedness and documentation in case of an attack, as well as staying informed about evolving security threats. [Extracted from the article]

Published

2024

5. HOW DO YOU KNOW IF YOU'VE BEEN HACKED?

Author

Rawlinson, Nik

Subjects

COMPUTER passwords, COMPUTER hacking, SOCIAL engineering (Fraud), COMPUTER network traffic, COMPUTER security

Abstract

This article discusses the signs of a cyberattack and provides recommendations for identifying and resolving attacks quickly. It emphasizes that modern attacks are often discreet and aim to use compromised systems for various purposes, such as mining cryptocurrency or launching anonymous attacks. The article suggests measures to prevent attacks, such as using strong passwords, enabling two-factor authentication, and keeping devices patched and updated. It also explains the importance of implementing SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) systems to detect and respond to intrusions. The article concludes by emphasizing the need for preparedness and staying updated on security measures to mitigate the risks of breaches. [Extracted from the article]

Published

2024

6. Comprehensive Event-Time-Action Threat Intelligence To Prevent Advanced Persistent Threats.

Author

Khadar A., Abdul, Math, Shrishail, Brahmananda S. H., and Shivamurthy G.

Subjects

*SOCIAL engineering (Fraud), *COMPUTER security, *PHISHING prevention, *PHISHING, *FORENSIC sciences, *SECURITY systems

Abstract

The overall efforts and expenses put across by the organizations and institutions to protect their sensitive information from the larceners has drastically elevated in the recent past with the enhancement and sophistication of advanced persistent threats (APT) attacks, yet obfuscation that these APTs create while in business are proving these organization's and institution's security systems feeble. To prevent the APT's proliferation, the computer security systems shall get out-of-the-box solutions that can challenge the invaders. The proposed comprehensive event-time-action (CETA) threat intelligence has come up with such a model. The basic cons of the existing security systems is to go with the flow which they have found in forensic investigation of the attacks that APTs have made. The CETA model uses the pattern and procedures that the APTs follow, as proposed by Lockheed Martin's intrusion kill chain (IKC), with a new shade every-time. CETA with the consolidation of shuffle-selective-search module, octa-secured entry module, ensnare the invader module and machine learning tools has successfully detected and with better efficiency has prevented the APT's attacks trails. The rigorous experiments with penetration tests and vulnerability exploitations the CETA model has found that sensitive information system could not be breached with success rate of 97.43% of prevention and 98.67% accuracy of detection of the attacks by the APT's spear phishing and social engineering attack vectors. [ABSTRACT FROM AUTHOR]

Published

2023

7. Cybersecurity of information systems at the National Archives and Records Service of South Africa.

Author

Moyana, Ntandoyenkosi Sinqobile and Chuma, Kabelo Given

Subjects

*SOCIAL engineering (Fraud), *NATIONAL archives, *DENIAL of service attacks, *INSTITUTIONAL repositories, *CYBERTERRORISM, *INFORMATION storage & retrieval systems, *DATA security, *ARCHIVES

Abstract

In today's computerised world, cybersecurity attacks have become a major headache with detrimental effects on cultural institutions including libraries, archives, and museums around the world. The exponential growth in the use of Information and Communication Technology (ICT) and advances in digitalisation have increased the complexity of cybersecurity attacks and threats. Archival repositories face greater exposure to cybersecurity threats and attacks due to increasing digitalisation. In South Africa, a growing number of cultural heritage institutions such as archival repositories and libraries are under constant attack by cybersecurity threats and attacks to disrupt systems, networks, and services offered to the citizens. Cybersecurity could serve as the wall keeping malicious actors from attacking these institutions. This qualitative study sought to explore cybersecurity of information systems at the National Archives and Records Service of South Africa (NARSSA) in Pretoria. Data were collected through semi-structured interviews that were tape-recorded and analysed using a thematic analysis and NVivo 12 software package. The findings of this study revealed that the NARSSA is under severe attack from phishing attacks, computer viruses and worms, Trojan horses, password attacks, and Denial of Service attacks. The results further showed that Microsoft firewall, audit train, strong user password and anti-virus software were put in place to mitigate cybersecurity attacks and threats. The NARSSA should achieve a strong cyber resilience security posture to protect computer systems against cyber-attacks. It is concluded that the NARSSA needs to invest heavily in a security awareness program to continually train staff on how to identify and respond appropriately to the growing range of cyber security threats and defend against attacks such as phishing attacks, social engineering attacks, ransomware attacks, and malware attacks. [ABSTRACT FROM AUTHOR]

Published

2023

8. Guest Editorial: Cyber-Attacks, Strategic Cyber-Foresight, and Security.

Author

Fischer, Bruno, Meissner, Dirk, Nyuur, Richard, and Sarpong, David

Subjects

*DENIAL of service attacks, *ECONOMIC impact, *SOCIAL engineering (Fraud), *CLIENT/SERVER computing equipment, *ECONOMIC security, *ANTIVIRUS software, *TECHNOLOGICAL innovations

Abstract

The papers in this special section focus on cyberattacks, strategic cyber-foresight, and security applications. Reports of cyber-attacks against individuals, organizations, and businesses are on the rise. Attackers usually have a deliberate and malicious intent and may involve the criminals taking advantage of flaws in software code, using tricks to get around antivirus tools, and or exploiting unsuspecting users into divulging sensitive information. Often launched by isolated amateurs, or criminals that belong to often well-structured organizations, with money, motivation, and an agenda, such attacks are frequently designed to temporarily or indefinitely disrupt services of a host connected to the internet or simply grind institutional systems to a halt. Popular among social engineering, malwares employed in such attacks are what has come to be known as a distributed denial-of-service attack, which affect the infrastructure of websites, computer servers, and other network resources resulting in the compromise of critical personal or institutional data. Across the globe, these attacks are growing in sophistication, and they tend to have serious economic and security consequences for their targets. The chaos they precipitate can be life-threatening, and their cost can be considerable to target organizations or nations. Such features also affect the dynamics of collaboration among firms, thus posing negative effects on innovation dynamics. [ABSTRACT FROM AUTHOR]

Published

2022

9. The Human Touch: THERE IS NO SUBSTITUTE FOR GOOD, DIRECT, HONEST TRAINING.

Author

Neville-Neil, George V.

Subjects

SOCIAL engineering (Fraud), SENIOR leadership teams, BUSINESS enterprises, COMPUTER security, EMAIL security, INFORMATION technology security

Published

2023

10. GeneratingQuality Threat Intelligence Leveraging OSINT and a Cyber Threat Unified Taxonomy.

Author

MARTINS, CLÁUDIO and MEDEIROS, IBÉRIA

Subjects

SOCIAL engineering (Fraud), EMAIL, OPEN source intelligence, INTERNET security, COMPUTER security

Abstract

Today's threats use multiple means of propagation, such as social engineering, email, and application vulnerabilities, and often operate in different phases, such as single device compromise, lateral network movement, and data exfiltration. These complex threats rely on advanced persistent threats supported by well-advanced tactics for appearing unknown to traditional security defenses. As organizations realize that attacks are increasing in size and complexity, cyber threat intelligence (TI) is growing in popularity and use. This trend followed the evolution of advanced persistent threats, as they require a different level of response that is more specific to the organization. TI can be obtained via many formats, with open-source intelligence one of the most common, and using threat intelligence platforms (TIPs) that aid organizations to consume, produce, and share TI. TIPs have multiple advantages that enable organizations to quickly bootstrap the core processes of collecting, analyzing, and sharing threat-related information. However, current TIPs have some limitations that prevent their mass adoption. This article proposes AECCP, a platform that addresses some of the TIPs limitations. AECCP improves quality TI by classifying it accordingly a single unified taxonomy, removing the information with low value, enriching it with valuable information from open-source intelligence sources, and aggregating it for complementing information associated with the same threat. AECCP was validated and evaluated with three datasets of events and compared with two other platforms, showing that it can generate quality TI automatically and help security analysts analyze security incidents in less time. [ABSTRACT FROM AUTHOR]

Published

2022

11. Persuasion: How phishing emails can influence users and bypass security measures.

Author

Ferreira, Ana and Teles, Soraia

Subjects

*SECURITY systems, *COMPUTER security, *HUMAN behavior, *SOCIAL engineering (Fraud), *MENTAL calculators

Abstract

Highlights • Phishing email subject lines contain high and diverse persuasive power in just a few words. • The paper builds on the well-known and foundational work of Cialdini's (2007), Gragg's (2003) and Stajano and Wilson (2011) to derive a unique list of Principles of Persuasion in social engineering, resulting from the application of the relational method by two independent researchers. • The study of the relations between existing persuasion principles was applied to the content analysis, by two independent researchers, of a random sample of phishing emails subject lines (N = 194), dated from 2008 to 2017. A thematic content analysis and a sample characterization in terms of visual elements and targeted content, revealed that the most prominent persuasion principles were 'Authority', 'Strong Affect', 'Integrity' and 'Reciprocation'. The persuasion principle 'Strong Affect' was the one containing the larger percentage of references with the presence of visual elements. The use of the pronoun 'you' and 'your' was more evident for the categories 'Strong Affect' and 'Authority', while the employment of the pronouns 'we, us, our' was more expressive in the 'Reciprocation' principle. • This paper presents a method on the way to define a tool for automated identification of principles of human persuasion in social engineering, within phishing emails. Future solutions should focus on the use of socio-technical aspects related mainly to a small number of persuasion principles ('Authority' and 'Distraction – Strong Affect'), which seem to be the most commonly used in phishing emails. Abstract Phishing is a very dangerous form of social engineering with the aim to deceive people into disclosing private/confidential information. Despite widespread warnings and means to educate users to identify phishing messages, these are still a prevalent practice and a lucrative business. The authors believe that persuasion, as a style of human communication designed to influence others, has a central role in successful digital scams. Research on persuasion applied to phishing emails is scarce and tends to build on Cialdini's work alone. Only a single study has proposed a list of merged principles from three different perspectives but it has methodological limitations regarding the analysis' performance by a single researcher and the testing of principles in a small, not validated sample of phishing emails. This paper aims to fill those gaps by building on Cialdini's, Gragg's and Stajano & Wilson's works to derive a unique list of Principles of Persuasion in Social Engineering (PPSE), resulting from the application of the relational method by two independent researchers. The PPSE are identified, by two independent researchers (Kappa > 0.789) on a sample of phishing email subject lines (N = 194), dated from 2008 to 2017 and randomly selected from a reliable phishing archive (millersmiles.co.uk). A thematic content analysis, together with the sample characterization in terms of visual elements and targeted content, revealed that the most prominent principles of persuasion in phishing emails were 'Authority', 'Strong Affect', 'Integrity' and 'Reciprocation'. The larger percentage of references with the presence of visual elements was found for the 'Strong Affect' principle. The use of the pronouns 'you' and 'your' was more evident for the categories 'Strong Affect' and 'Authority', while the employment of the pronouns 'we, us, our' was more frequent in the 'Reciprocation' principle. This paper constitutes a step further in understanding the use of principles of persuasion in phishing emails with future applications on how their recognition can be automated. [ABSTRACT FROM AUTHOR]

Published

2019

12. On the anatomy of social engineering attacks-A literature-based dissection of successful attacks.

Author

Bullée, Jan‐Willem Hendrik, Montoya, Lorena, Pieters, Wolter, Junger, Marianne, and Hartel, Pieter

Subjects

*INTERNET security, *COMPUTER security, *WIRELESS communications, *INFORMATION technology, *DATA analytics, *SOCIAL engineering (Fraud)

Abstract

The aim of this study was to explore the extent to which persuasion principles are used in successful social engineering attacks. Seventy-four scenarios were extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenario was split into attack steps, containing single interactions between offender and target. For each attack step, persuasion principles were identified. The main findings are that (a) persuasion principles are often used in social engineering attacks, (b) authority (1 of the 6 persuasion principles) is used considerably more often than others, and (c) single-principle attack steps occur more often than multiple-principle ones. The social engineers identified in the scenarios more often used persuasion principles compared to other social influences. The scenario analysis illustrates how to exploit the human element in security. The findings support the view that security mechanisms should include not only technical but also social countermeasures. [ABSTRACT FROM AUTHOR]

Published

2018

13. Hackerphobia.

Author

Hutheesing, Nikhil and Ross, Philip E.

Subjects

COMPUTER hacking, BUSINESS enterprise digital resources, CONFIDENTIAL business information, COMPUTER security, SOCIAL engineering (Fraud)

Abstract

The article explores the challenges posed by hacking to businesses as of 1998. Topics discussed include the amount spent by businesses annually on protective hardware and software, companies that resorted to denying their employees Internet access to avoid being hacked such as cigarette manufacturer Philip Morris, and the use of social engineering to steal companies' confidential data.

Published

1998

14. Understanding of advanced social engineering attack techniques: Part I.

Author

Holeton, Jody

Subjects

*SOCIAL engineering (Fraud), *CYBERTERRORISM, *PHISHING, *COMPUTER crimes, *SWINDLERS & swindling, *COMPUTER security, *PONZI schemes, *INTERNET forums

Published

2022

15. Cybersecurity skills: Foundational theory and the cornerstone of advanced persistent threats (APTs) mitigation.

Author

Carlton, Melissa and Levy, Yair

Subjects

*INTERNET security, *SOCIAL engineering (Fraud), *COMPUTER security

Abstract

Cyber threats have been growing with social engineering and business e-mail compromise reported as the two most rising penetration vectors. Advanced Persistent Threats (APTs) are penetration techniques that combine several approaches to gain access to organizational networks. Organizations need a team of skilled individuals to mitigate or prevent the complexity and seriousness of cyber threats such as APTs. A skill is defined as the combination of ability, knowledge and experience to do something well. Therefore, cybersecurity skills correspond to individual's ability, knowledge and experience surrounding the hardware and software required to identify, protect, detect, respond and recover against damage, unauthorized use, modification, and/or exploitation of cyber infrastructure. Moreover, a strong security posture cannot exist without individuals that possess high level of cybersecurity skills as cyber-attackers prejudice against all nationalities. Therefore, the importance to find individuals that use their cybersecurity skills for good is paramount. This paper presents an-in-depth discussion on the theoretical rationale for cybersecurity skills as the cornerstone of APTs and other cyber threat mitigation. [ABSTRACT FROM AUTHOR]

Published

2017

16. Protecting against Tomorrow's Malware Attacks Today.

Author

Bunker, Guy

Subjects

MALWARE prevention, COUNTERTERRORISM, CYBERTERRORISM, INTERNET security, SOCIAL engineering (Fraud), COMPUTER security

Abstract

This article discusses why cybersecurity organizations need to rethink how they protect against the next wave of malware attacks and information-borne threats. The author analyzes monetization strategies driving malware development, the latest social engineering and payload delivery techniques, and a layer of sanitization to detect and prevent an attack before it starts. [ABSTRACT FROM AUTHOR]

Published

2016

17. A Double-Cross Policy against Social Engineers.

Author

Sindre, Guttorm

Subjects

DATA security, SOCIAL engineering (Fraud), REENGINEERING (Management), COMPUTER hacking, COMPUTER security

Abstract

Social engineering, where an attacker for instance calls up by phone and fools an employee into giving away sensitive information rather than getting the same information through a hacker attack, is may be the easiest way to break security in many organizations. Yet companies often spend much more on technical protection, and there has been relatively little research on the social aspects of information security compared to the technical ones. Commonly suggested processes advocate the systematic verification of identity for information requests that may be legitimate if the caller is who he claims to be, and flat rejection of illegitimate requests. This paper argues that an alternative approach, where the attacker is lured on, believing that the attack is succeeding, might in some cases provide even better protection. [ABSTRACT FROM AUTHOR]

Published

2011

18. REELING IN WORKERS.

Author

Olenick, Doug

Subjects

SOCIAL engineering (Fraud), PHISHING prevention, COMPUTER security

Abstract

The article offers the insights of several information technology (IT) experts regarding socially engineered phishing campaigns. Experts include chief information security officer (CISO) Michael Lamberg of software and services business OpenLink Financial, head of threat prevention marketing Andy Feit at security vendor Check Point Software Technologies, and chief technology officer (CTO) Vidur Apparao of email security vendor Agari.

Published

2016

19. AUDIT OF BANK'S INFORMATION SECURITY WHEN WORKING WITH ELECTRONIC MONEY.

Author

Melnychenko, O. V.

Subjects

BANK examination, INFORMATION storage & retrieval systems, COMPUTER security, DIGITAL currency, SOCIAL engineering (Fraud), BANKERS, TRAINING

Abstract

The article is devoted to the audit of the bank's information security when working with electronic money. The author considers main requirements and principles of conducting audit, identifies main directions of the audit, in particular, organisational-technical and legal provision of banks for prevention of violation of integrity, accessibility, confidentiality and observance of information systems, which ensure functioning of the electronic money systems. Moreover, the article pays attention to social engineering and focuses on the necessity to conduct audit of training of bank specialists that deal with electronic money operations and users (owners) of electronic money. [ABSTRACT FROM AUTHOR]

Published

2013

20. Electronic Security Issues: Protecting our Electronic Life from Social Engineering Attacks.

Author

Onwudebelu, Ugochukwu and Akpojaro, Jackson

Subjects

COMPUTER security, SOCIAL engineering (Fraud), DATA privacy, DATA protection, ELECTRONIC records, COMPUTER networks

Abstract

The essential need for security is apparent to organizations, government and individuals. Whether it is to secure a company's assets, abide by a law, or guard an individual's privacy, it has become evident that all are vulnerable to one form of electronic attack or another and that in order to protect sensitive information, all possible security precautions must be taken to limit any form of authorized access to electronic records or computer-related equipment. In this security-conscious era, we spend huge sums on technology to protect our computer networks and data. As IT security spending has increased so also has the number of successful attacks. This paper has been developed to highlight the fact that we all have an 'electronic life' which is been hunted by social engineers, and provides a solution on how this life can be protected. The purpose is to provide organizations and individual a simple solution for increasing security awareness against social engineering attacks towards their critical information. [ABSTRACT FROM AUTHOR]

Published

2012

21. Why do some people manage phishing e-mails better than others?

Author

Pattinson, Malcolm, Jerram, Cate, Parsons, Kathryn, McCormac, Agata, and Butavicius, Marcus

Subjects

EMAIL systems, INFORMATION resources management, COMPUTER users, COMMUNICATION, COMPUTER security, SOCIAL engineering (Fraud)

Abstract

Purpose – The purpose of this paper is to investigate the behaviour response of computer users when either phishing e-mails or genuine e-mails arrive in their inbox. The paper describes how this research was conducted and presents and discusses the findings. Design/methodology/approach – This study was a scenario-based role-play experiment that involved the development of a web-based questionnaire that was only accessible by invited participants when they attended a one-hour, facilitated session in a computer laboratory. Findings – The findings indicate that overall, genuine e-mails were managed better than phishing e-mails. However, informed participants managed phishing e-mails better than not-informed participants. Other findings show how familiarity with computers, cognitive impulsivity and personality traits affect behavioural responses to both types of e-mail. Research limitations/implications – This study does not claim to evaluate actual susceptibility to phishing emails. The subjects were University students and therefore the conclusions are not necessarily representative of the general population of e-mail users. Practical implications – The outcomes of this research would assist management in their endeavours to improve computer user behaviour and, as a result, help to mitigate risks to their organisational information systems. Originality/value – The literature review indicates that this paper addresses a genuine gap in the research. [ABSTRACT FROM AUTHOR]

Published

2012

22. Practical Methods for Information Security Risk Management.

Author

Amancei, Cristian

Subjects

COMPUTER security, RISK management in business, CONFIDENTIAL communications, SOCIAL engineering (Fraud), NETWORK Access Machine (Computer), COMPUTER software

Abstract

The purpose of this paper is to present some directions to perform the risk management for information security. The article follows to practical methods through questionnaire that asses the internal control, and through evaluation based on existing controls as part of vulnerability assessment. The methods presented contains all the key elements that concurs in risk management, through the elements proposed for evaluation questionnaire, list of threats, resource classification and evaluation, correlation between risks and controls and residual risk computation. [ABSTRACT FROM AUTHOR]

Published

2011

23. Password Collection through Social Engineering: An Analysis of a Simulated Attack.

Author

Cazier, Joseph A. and Botelho, Christopher M.

Subjects

SOCIAL engineering (Fraud), COMPUTER passwords, COMPUTER security, PRIVACY, COMPUTER hacking, CONSUMERS

Abstract

This study demonstrates that consumers, healthcare workers and corporate America are still very much vulnerable to simple social engineering attacks, even with current levels of security training. Through a simulation of what a real social engineer might try to do (with a few safeguards to protect participants) security levels were tested in the business district of a large downtown financial center, a hospital, and a university campus. Through the simulation attack, researchers were able to get useful demographic and tactical information from the majority of the victims. In addition, 73% of respondents shared a password with the researchers. Those with recent security awareness training were just as likely as those without to share their passwords with strangers. Results, implications and future directions are discussed [ABSTRACT FROM AUTHOR]

Published

2010

24. An overview of social engineering malware: Trends, tactics, and implications.

Author

Abraham, Sherly and Chengalur-Smith, InduShobha

Subjects

SOCIAL engineering (Fraud), INTERNET security, MALWARE, COMPUTER hacking, EMAIL security, COMPUTER users, DATA security, COMPUTER security

Abstract

Abstract: Social engineering continues to be an increasing attack vector for the propagation of malicious programs. For this article, we collected data on malware incidents and highlighted the prevalence and longevity of social engineering malware. We developed a framework that shows the steps social engineering malware executes to be successful. To explain its pervasiveness and persistence, we discuss some common avenues through which such attacks occur. The attack vector is a combination of psychological and technical ploys, which includes luring a computer user to execute the malware, and combating any existing technical countermeasures. We describe some of the prevalent psychological ploys and technical countermeasures used by social engineering malware. We show how the techniques used by purveyors of such malware have evolved to circumvent existing countermeasures. The implications of our analyses lead us to emphasize (1) the importance for organizations to plan a comprehensive information security program, and (2) the shared social responsibility required to combat social engineering malware. [ABSTRACT FROM AUTHOR]

Published

2010

25. The art of social engineering.

Author

Townsend, Kevin

Subjects

SOCIAL engineering (Fraud), SOCIAL networks, DATA security, DATA protection, COMPUTER security

Abstract

Social engineering is not new and it''s here to stay. Kevin Townsend looks at how social networking is a social engineer''s best friend and asks what we can do to protect ourselves from this very real — and very personal — threat [Copyright &y& Elsevier]

Published

2010

26. The Weakest Link: The Risks Associated with Social Networking Websites.

Author

Lehrman, Yosef

Subjects

ONLINE social networks, SOCIAL engineering (Fraud), TRUST, COMPUTER security, DATA protection, PRIVACY

Abstract

The article focuses on security risks related to social networking websites in the context of social engineering, defined as manipulating people into performing actions or divulging confidential information. According to the article, social engineers will exploit trust in human beings and use seemingly harmless information to launch cyber attacks. The article discusses how social engineers online "friends" with people or pretending to be people they trust. The article notes that users should have as little information online as possible and should make sure they treat strangers online as they would treat strangers in everyday life.

Published

2010

27. PEOPLE, PROCESS, AND TECHNOLOGY; A BLEND TO INCREASE AN ORGANIZATION SECURITY POSTURE.

Author

COTENESCU, Vlad-Mihai

Subjects

ORGANIZATION, COMPUTER security, DATA security, SOCIAL engineering (Fraud), TECHNOLOGY & society, SECURITY systems

Abstract

Few would argue that enterprises have increasingly become dependent on IT to facilitate business operations. In today's knowledge-driven economy, information is critical to an enterprise's ability not only to survive but also to thrive. Experienced business leaders know that information deserves at least the same level of protection as any other asset, and have made information security managers a common addition to the organization chart. Organizations lose proprietary information daily due to hackers, insiders, or business partners. Most organizations think that this issue isbeing addressed with technology alone, but that is not realistic. This article will try to demonstrate that focusing holistically on people, processes, andtechnology can reduce the impact of data loss. People can be trained to recognize threats such asphishing and social engineering. Processes can address the issue through policies and procedures. Technology can be implemented to monitor and prevent attacks against the environment. [ABSTRACT FROM AUTHOR]

Published

2016

28. Social engineering: assessing vulnerabilities in practice.

Author

Bakhshi, Taimur, Papadaki, Maria, and Furnell, Steven

Subjects

SOCIAL engineering (Fraud), EMAIL systems, HIGH technology industries personnel, EMPLOYEE training, COMPUTER security, SECURITY systems, COMPUTER crimes, DATA protection, INDUSTRIAL management

Abstract

The article presents a study which explores the level of susceptibility to social engineering among employees within a cooperating organisation. Social engineering remains a popular method of compromising the security of computing systems. An e-mail-based experiment was done where staff were sent a message asking them to follow a link and install a claimed software update. The results showed that 23% of recipients were fooled by the attack. It suggests that many users lack security awareness needed to protect them online.

Published

2009

29. Social Engineering: Hacking the Wetware!

Author

Applegate, ScottD.

Subjects

*COMPUTER hackers, *PHISHING, *SOCIAL control, *COMPUTER hacking, *COMPUTER security, *SOCIAL engineering (Fraud)

Abstract

Social engineering is a methodology that allows an attacker to bypass technical controls by attacking the human element in an organization. There are many techniques commonly used in social engineering including but not limited to Trojan and phishing email messages, impersonation, persuasion, bribery, shoulder surfing, and dumpster diving. Hackers rely on social engineering attacks to bypass technical controls by focusing on the human factors. Social engineers often exploit the natural tendency people have toward trusting others who seem likeable or credible, deferring to authority or need to acquiesce to social conformity. Mitigation of social engineering begins with good policy and awareness training, but there are a number of other approaches an organization can take to defend against this type of an attack. Social engineering attacks are likely to increase, and it is becoming increasingly important for organizations to address this issue. [ABSTRACT FROM AUTHOR]

Published

2009

30. Educate Users Against Social Engineering.

Author

Beckman, Mel

Subjects

SOCIAL engineering (Fraud), DATA security, BUSINESS records, ACCESS to information, COMPUTER security, ACCESS control

Abstract

The article focuses on the importance of protecting the corporate information assets of an organization against social engineering. It mentions that users must be educated on the methods the hackers enforce through the creation of social engineering syllabus and social engineering exercises. Also, it offers effective security measures to combat against social engineering such as misdirection and following good security practices and procedures.

Published

2011

31. Robot Social Engineering: Attacking Human Factors with Non-Human Actors.

Author

Postnikoff, Brittany and Goldberg, Ian

Subjects

HUMAN-robot interaction, SOCIAL robots, SOCIAL engineering (Fraud), SOCIAL skills, INTERNET security

Abstract

Social robots may make use of social abilities such as persuasion, commanding obedience, and lying. Meanwhile, the field of computer security and privacy has shown that these interpersonal skills can be applied by humans to perform social engineering attacks. Social engineering attacks are the deliberate application of manipulative social skills by an individual in an attempt to achieve a goal by convincing others to do or say things that may or may not be in their best interests. In our work we argue that robot social engineering attacks are already possible and that defenses should be developed to protect against these attacks.We do this by defining what a robot social engineer is, outlining how previous research has demonstrated robot social engineering, and discussing the risks that can accompany robot social engineering attacks. [ABSTRACT FROM AUTHOR]

Published

2018

32. We Are the Front Lines – Protecting Yourself Protects the Organization.

Author

Buenger, Tony

Subjects

CYBERTERRORISM, SOCIAL engineering (Fraud), COMPUTER passwords, MULTI-factor authentication, INTERNET security, COMPUTER security

Abstract

The article discusses a forum discussion to protect organization from cyberattacks. Topics discussed include cyber attacker uses social engineering as a primary tool to bypass the traditional network layers of defense; attacker can determine an individual's password through various means, including collecting stolen passwords available for sale on the dark web, exploiting the tendency to use predictable passwords and two-factor authentication is the next logical step for securing.

Published

2019

33. Social engineering attacks caused majority of business breaches in 2020.

Subjects

SOCIAL engineering (Fraud), CYBERTERRORISM, RANSOMWARE, COMPUTER security, ONLINE identity theft, DENIAL of service attacks

Published

2021

34. Cybercrime and Social Engineering.

Author

Bassingthwaighte, Mark

Subjects

COMPUTER crimes, SOCIAL engineering (Fraud), LAWYERS -- Crimes against, SWINDLERS & swindling, PHISHING prevention, LAW firms -- Security measures, COMPUTER security, EMPLOYEE training

Abstract

The article discusses the relationship between cybercrime and social engineering, and it mentions scams targeting lawyers and law firms, as well as information about attorney-client privilege and phishing attacks. Computer security measures for attorneys and law firms are addressed, along with employee training and online tools for preventing cybercrime and fraudulent email attacks.

Published

2018

35. New rules for combating new threats.

Author

Tankard, Colin

Subjects

*COMPUTER security, *CYBERTERRORISM, *INFORMATION theory, *SOCIAL engineering (Fraud), *MALWARE, *COMPUTER access control

Abstract

Today's security attacks are more insidious than they used to be. They use a combination of blended techniques and are aimed at achieving a particular result, such as stealing information that can be used for financial gain. The term APT (advanced persistent threat) has come into use to describe new types of attacks that are characterised by their use of multiple approaches to gaining access to systems, including social engineering, zero-day malware, trojans and compromised hardware, and the sophisticated way that they attempt to fly under the radar to avoid detection so that they can be used over the longer term, not just for immediate financial gain. [Copyright &y& Elsevier]

Published

2014

36. The Changing Nature Of Web Security Threats.

Author

Collins, Jon

Subjects

WEBSITE security, COMPUTER security, COMPUTER crimes, SOCIAL engineering (Fraud), COMPUTER network laws

Abstract

The article focuses on the evolution of Web-based security threats, the Web-related issues associated with these threats, and the development in Web security protections. It discusses the nature of different kinds of threats including web page drive-by infections, social engineering and fraud, and denial of service and botnets. It also discusses how to choose and implement a security solution, and recommends the need for proper policies and awareness on the matter.

Published

2009

37. WHAT'S NEW IN SECURITY TO COUNTER EVOLVING CYBERCRIME.

Author

Mohanty, Rajat

Subjects

COMPUTER crime prevention, CYBERTERRORISM, COUNTERTERRORISM, CYBERCRIMINALS, DIGITAL technology, COMPUTER hackers, SOCIAL engineering (Fraud), COMPUTER security

Abstract

The article discusses security measures that could prevent the threat of evolving cybercrime. Topics discussed include the growing reliance of cybercriminals on digital technology, hackers' use of social engineering attacks to provoke individuals to download viruses and disclose confidential information, and the emergence of micro-security solutions that are capable of identifying and countering cybercrime methodologies.

Published

2016

38. Board Level Security.

Author

Fitzmaurice, Andrew

Subjects

COMPUTER security, INFORMATION technology, INFORMATION storage & retrieval systems, INFORMATION sharing, INTELLECTUAL property, SOCIAL engineering (Fraud)

Abstract

When people hear cyber security they automatically think of IT. So when organisations hear the words cyber security breach there is often a tendency to leave it with the IT department, not only to deal with the breach but to ensure the breach doesn't happen again says Andrew Fitzmaurice, Chief Executive, Templar Executives. [ABSTRACT FROM AUTHOR]

Published

2013

39. UP CLOSE and PERSONAL.

Author

Judd, Elizabeth

Subjects

COMMUNITY banks, COMPUTER hacking, SOCIAL engineering (Fraud), MALWARE, COMPUTER security, SAFETY, MANAGEMENT

Abstract

The article focuses on data security in community banks and also mentions up-close and personal approach to computer hacking, which is termed as social engineering. Topics discussed include awareness regarding social engineering techniques in community banks, the need of risks assessment for data security and prevention of data from malware and establishment of policies and procedures to prevent social engineering attacks.

Published

2014

40. COMPUTER CRACKING: The case of Kevin Mitnick.

Author

Johnson, Laura

Subjects

COMPUTER hackers, SOCIAL engineering (Fraud), COMPUTER crimes, CONSULTING firm standards, SERVICE industries, COMPUTER security

Abstract

The article profiles Kevin Mitnick, the most notorious computer hackers in the U.S. It mentions that Mitnick uses what is known as "social engineering" to accomplish his crimes. He serves four and a half year in prison pre-trial before he agreed to plead guilty to wire and computer fraud. He owns Mitnick Security Consulting LLC, an information security consulting firm based in Henderson, Nevada. He suggests not following his footsteps, noting that there are definitely other roads or other opportunities that people can learn and educate themselves about hacking, security, and pen testing.

Published

2010

41. Rise in "social engineering" fraud - JLT.

Subjects

INFORMATION technology, COMPUTER security, SOCIAL engineering (Fraud), BUSINESS size, MALWARE

Abstract

The article informs that JLT has revealed that getting insured for so-called "social engineering" fraud exposure is becoming more difficult to achieve, regardless of business size or sector. It revealed that social engineering attacks can pierce Information Technology (IT) security by encouraging employees to download malware that will allow fraudsters insider access to IT systems.

Published

2017

42. Wake-up Call.

Author

SAVAGE, MARCIA

Subjects

COMPUTER security, SOCIAL engineering (Fraud), COMPUTER crimes, DATABASES

Abstract

The article focuses on the security breaches near the first half of 2011, which include social engineering attacks on Epsilon, Comodo and HBGary Federal. The author says that it seems the cat-and-mouse game continues for information security experts and cybercriminals despite the initiatives of businesses to better protect their databases with high-end security systems. She says that the best way to train people about security in the cyberworld can be done through hands-on demonstrations and education on better understanding of the e-mail's content.

Published

2011

43. These simple security threats may be lurking in your office right now.

Author

Poe, Emily

Subjects

COMPUTER security, COMPUTER hacking, SOCIAL engineering (Fraud), CAMERAS, SMARTPHONES

Abstract

The article discusses various security threats that could be lurking in organizations in the U.S. Topics covered include visual or in-person hacking, social engineering, and insider threats. Also mentioned is the use of smartglasses, cameras or smartphones to steal private information from a company.

Published

2014

44. Safeguarding your data.

Author

ENGLE, PAUL

Subjects

*COMPUTER network security, *COMPUTER security, *VIRTUAL private networks, *FIREWALLS (Computer security), *SOCIAL engineering (Fraud)

Abstract

The article focuses on protection of corporate networks data from accidental or unauthorized loss. It discusses approaches including restricting network access through two-factor authentication over a virtual private network, protections against social engineering and classification of data in terms of consequences of loss. It also examines strategies to further enhance security such as installation of firewalls, penetration tests and minimizing information collected from customers.

Published

2014

45. Twin Campaigns Compromise Websites to Infect Visitors.

Author

Lemos, Robert

Subjects

*MALWARE, *SOCIAL engineering (Fraud), *WEBSITES, *COMPUTER security

Abstract

The article reports on a malware campaign, GWLoad, that has compromised more than 40,000 Web pages in the past two weeks prior to October 30, 2013 using a malicious code that could infect visitors' computers with a program that poses as a media player, according to security firm Websense. It explains the use of social engineering to install the malware on a victim's computer. It also discusses the continued ransomware dissemination of the older malware campaign, the CookieBomb.

Published

2013

46. Lock up your mailbox.

Author

HOLMES, GORDON

Subjects

EMAIL security, PHISHING prevention, COMPUTER hackers, SOCIAL engineering (Fraud), COMPUTER passwords, COMPUTER security

Abstract

The author presents tips on how to keep e-mail accounts secure and protect them from hackers. Ways in which e-mail accounts are compromised include phishing or the use of key-logging malware. Hackers' use of social engineering, wherein they gather information on a target and use it to answer security questions in order to gain access to an e-mail account is mentioned. E-mail users are advised to make sure their passwords are strong enough and to restrict access to their Facebook pages.

Published

2013

47. Technolog.

Author

GRAHAM-SMITH, DARIEN

Subjects

SOCIAL engineering (Fraud), BLOGS, COMPUTER security

Abstract

The author feels embarrassed to be caught out by a phishing scam on Twitter when he is the author of the book "The Ultimate Guide to Internet Security." He admits the fact that no one is invulnerable to scams no matter what precautions are taken and he describes the scam as a classic social engineering attack. He cites the case of blogging site LiveJournal to show how its security model is being compromised and put at risk.

Published

2013

48. Carefully Examine Requests for Contact Information from "Social Engineers.".

Subjects

FRAUD, SOCIAL engineering (Fraud), COMPUTER security, BANK security, FINANCIAL institutions, INFORMATION technology

Abstract

The article discusses how fraudsters are finding ways to perform social engineering as a means to extract data from secure sources. An example of social engineering breach is explained, showing what could happen to cause a security breach at an institution. Things that may help a company's security efforts are noted.

Published

2012

49. 2 MINUTES ON… Privacy and the social network.

Author

Moscaritolo, Angela

Subjects

ONLINE social networks, COMPUTER security, CYBERTERRORISM, SOCIAL engineering (Fraud)

Abstract

The article discusses privacy issues facing social networking sites. Google's social networking platform, Buzz, faced criticisms during its launch because it automatically set users to follow the people they frequently e-mailed and chatted with. Other social networking sites often offer applications which they did not develop themselves. According to Randy Abrams of the Essential Security against Evolving Threats (ESET), information made public on these sites can make it easy for cybercriminals to perform social engineering attacks.

Published

2010

50. Social Engineering Risks.

Subjects

SOCIAL engineering (Fraud), COMPUTER hacking, COMPUTER crimes, COMPUTER security, DATA protection

Abstract

The article offers information on social engineering. It is defined as a different kind of hack which plays on human nature. Several information security experts including John Palumbo, an independent information technology security consultant and Colin Greenless, security and counter-fraud consultant at Siemens Enterprise Communications offer their views on social engineering. The author also cites a social engineering exercise conducted by Siemens at a large financial services firm.

Published

2009