Lorena Montoya scite author profile

Objectives The aim of the current study is to explore to what extent an intervention reduces the effects of social engineering (e.g., the obtaining of access via persuasion) in an office environment. In particular, we study the effect of authority during a 'social engineering' attack. Methods Thirty-one different 'offenders' visited the offices of 118 employees and on the basis of a script, asked them to hand over their office keys. Authority, one of the six principles of persuasion, was used by half of the offenders to persuade a target to comply with his/her request. Prior to the visit, an intervention was randomly administered to half of the targets to increase their resilience against attempts by others to obtain their credentials. Results A total of 37.0 % of the employees who were exposed to the intervention surrendered their keys while 62.5 % of those who were not exposed to it handed them over. The intervention has a significant effect on compliance but the same was not the case for authority.Conclusions Awareness-raising about the dangers, characteristics, and countermeasures associated with social engineering proved to have a significant positive effect on neutralizing the attacker.

show abstract

Geo-data acquisition through mobile GIS and digital video: an urban disaster management perspective☆

Montoya¹

2003

Environmental Modelling & Software

View full text Add to dashboard Cite

The Relation Between Residential Property and Its Surroundings and Day- and Night-Time Residential Burglary

Montoya

Junger

Ongena

2014

Environment and Behavior

View full text Add to dashboard Cite

This article examines how residential property and its surroundings influence day-and night-time residential burglary. Crime Prevention Through Environmental Design (CPTED) principles of territoriality, surveillance, access control, target hardening, image maintenance, and activity support underpin the study. Data were collected by observing 851 houses in the city of Enschede, half of which were burgled and half representing a random selection of houses not burgled. Multilevel multinomial regression models were estimated for predicting day-and night-time burglaries. The findings show that territoriality and access control predict daytime burglary while access control and target hardening predict night-time burglary. The analysis controls for offender availability, target attractiveness, and residential stability. The conclusion is that two separate burglary prevention frameworks are needed: one for day-and another one for night-time burglary.

show abstract

Spear phishing in organisations explained

Bullee

Montoya

Junger

et al. 2017

ICS

View full text Add to dashboard Cite

Purpose The purpose of this study is to explore how the opening phrase of a phishing email influences the action taken by the recipient. Design/methodology/approach Two types of phishing emails were sent to 593 employees, who were asked to provide personally identifiable information (PII). A personalised spear phishing email opening was randomly used in half of the emails. Findings Nineteen per cent of the employees provided their PII in a general phishing email, compared to 29 per cent in the spear phishing condition. Employees having a high power distance cultural background were more likely to provide their PII, compared to those with a low one. There was no effect of age on providing the PII requested when the recipient’s years of service within the organisation is taken into account. Practical implications This research shows that success is higher when the opening sentence of a phishing email is personalised. The resulting model explains victimisation by phishing emails well, and it would allow practitioners to focus awareness campaigns to maximise their effect. Originality/value The innovative aspect relates to explaining spear phishing using four socio-demographic variables.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Lorena Montoya

Priming and warnings are not effective to prevent social engineering attacks

The persuasion and security awareness experiment: reducing the success of social engineering attacks

Geo-data acquisition through mobile GIS and digital video: an urban disaster management perspective☆

The Relation Between Residential Property and Its Surroundings and Day- and Night-Time Residential Burglary

Spear phishing in organisations explained

Contact Info

Product

Resources

About