Objectives The aim of the current study is to explore to what extent an intervention reduces the effects of social engineering (e.g., the obtaining of access via persuasion) in an office environment. In particular, we study the effect of authority during a 'social engineering' attack. Methods Thirty-one different 'offenders' visited the offices of 118 employees and on the basis of a script, asked them to hand over their office keys. Authority, one of the six principles of persuasion, was used by half of the offenders to persuade a target to comply with his/her request. Prior to the visit, an intervention was randomly administered to half of the targets to increase their resilience against attempts by others to obtain their credentials. Results A total of 37.0 % of the employees who were exposed to the intervention surrendered their keys while 62.5 % of those who were not exposed to it handed them over. The intervention has a significant effect on compliance but the same was not the case for authority.Conclusions Awareness-raising about the dangers, characteristics, and countermeasures associated with social engineering proved to have a significant positive effect on neutralizing the attacker.
This article examines how residential property and its surroundings influence day-and night-time residential burglary. Crime Prevention Through Environmental Design (CPTED) principles of territoriality, surveillance, access control, target hardening, image maintenance, and activity support underpin the study. Data were collected by observing 851 houses in the city of Enschede, half of which were burgled and half representing a random selection of houses not burgled. Multilevel multinomial regression models were estimated for predicting day-and night-time burglaries. The findings show that territoriality and access control predict daytime burglary while access control and target hardening predict night-time burglary. The analysis controls for offender availability, target attractiveness, and residential stability. The conclusion is that two separate burglary prevention frameworks are needed: one for day-and another one for night-time burglary.
Purpose
The purpose of this study is to explore how the opening phrase of a phishing email influences the action taken by the recipient.
Design/methodology/approach
Two types of phishing emails were sent to 593 employees, who were asked to provide personally identifiable information (PII). A personalised spear phishing email opening was randomly used in half of the emails.
Findings
Nineteen per cent of the employees provided their PII in a general phishing email, compared to 29 per cent in the spear phishing condition. Employees having a high power distance cultural background were more likely to provide their PII, compared to those with a low one. There was no effect of age on providing the PII requested when the recipient’s years of service within the organisation is taken into account.
Practical implications
This research shows that success is higher when the opening sentence of a phishing email is personalised. The resulting model explains victimisation by phishing emails well, and it would allow practitioners to focus awareness campaigns to maximise their effect.
Originality/value
The innovative aspect relates to explaining spear phishing using four socio-demographic variables.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.