2017
DOI: 10.1016/j.cose.2016.09.009

Mind your SMSes: Mitigating social engineering in second factor authentication

Abstract: SMS-based second factor authentication is a cornerstone for many service providers, ranging from email service providers and social networks to financial institutions and online marketplaces. Attackers have not been slow to capitalize on the vulnerabilities of this mechanism by using social engineering techniques to coerce users to forward authentication codes. We demonstrate one social engineering attack for which we experimentally obtained a 50% success rate against Google's SMS-based authentication. At the …

citations
Cited by 35 publications
(18 citation statements)
references
References 22 publications
“…This factor of social proof is misused by the social engineers to attain the desired goal Commitment 8,10,14,23 If people agree, to an intention or aim, they are most likely to complete that commitment as people think by not fulfilling this will affect on the self-image Reciprocation 10,14,23,24 Generally, people return a favor. This type of human factor is manipulated when some inside social engineer needs some crucial information Human need and greed 5,10,28 People are vulnerable to what they need and greed. Social engineers carefully access their dreams, needs, and greed and use that information to achieve the target Friendship 8,24 People tend to perform particular action or favor if his/her friend or relative requests that.…”
Section: Human Factors References Explanation (mentioning)
confidence: 99%
“…While the victim is distracted, the social engineer can gather information what they want. For example, spilling a glass of water and make victim move out of a room Curiosity 4,5,15 Human by nature is curious. Social engineers misuse this human ability of curiosity in many ways, some of them are by sending phished emails or infected files with a curious title.…”
Section: Human Factors References Explanation (mentioning)
confidence: 99%
“…Users must have access to a registered smartphone in addition to the typical user ID and password information for logging into an online service that uses OTPs. SMS is used by many banks, online stores, and social networks [36] for sending OTPs. However, in some cases, the way these methods are implemented does not protect against phishing and man-in-the-middle (MITM) attacks.…”
Section: One-time Passwords (mentioning)
confidence: 99%