Survey of Non-malicious User Actions that Introduce Network and System Vulnerabilities and Exploits

Robles, Anibal; Norris, Jarrod; Watson, Stacey; Browne, Aidan F.

doi:10.1109/secon.2018.8478938

Cited by 4 publications

(3 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, research studies have shown that these abilities are essential for SE and an attempt to minimize possible cyber-attacks. 15,16 It is an increasingly recognized fact that academics and enterprises are facing severe threats from SE attacks. It is now necessary that organizations train and educate the end-consumers so that the SE threat can be minimized.…”

Section: Literature Reviewmentioning

confidence: 99%

“…17 In order to counter SE attacks, it will be helpful If one can reproduce the attacker's actions in a controlled environment; it not only constructs an environment where a participant can experiment and learn without the fear of any loss but also enable him/her to identify any threats early, eventually mitigating the chances of successful cyber attacks. 4,11,16 Researchers discussed that individuals and organizations are vulnerable to SE attacks. 4,12,18,19 We believe that there is a particular need for in-depth scenario gathering and analyzing of real life SE attacks.…”

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Understanding and deciphering of social engineering attack scenarios

Yasin

Fatima

Lin

et al. 2021

Security and Privacy

View full text Add to dashboard Cite

Malicious scammers and social engineers are causing great harms to modern society, as they have led to the loss of data, information, money, and many more for individuals and companies. Knowledge about social engineering (SE) is wide-spread and it exits in non-academic papers and communication channels. Knowledge is mostly based on expert opinion and experience reports. Such knowledge, if articulated, can provide a valid source of knowledge and information. We performed the analysis of such sources, guided by academic principles around SE, and solicit existing SE scenarios from public awareness education materials, news stories, research literature, official advisories to public departments. We adopted grounded theory to extract the general knowledge behind SE, such as, attacking cycles, information gathering strategies, psychological principles, attack vectors, and so on. In this article, we aim to review and synthesize a body of knowledge (rationale and motivation of social engineers). The study aims to: (a) understand the rationale of social engineers; (b) capture the knowledge of SE attacks and extract important information from the sources;(c) propose an activity for counteracting SE attacks, and how it can be used in security education.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: Literature Reviewmentioning

confidence: 99%

Understanding and deciphering of social engineering attack scenarios

Yasin

Fatima

Lin

et al. 2021

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…To date, research has focused on the structure of SE attacks scenarios [13], the emotional experience of SE victims [14], the behavior of victims of SE attacks [15], education and awareness of SE attack scenarios [16], and performance of automatic detection of spams on social networks [9] and focusing on a specific platform. Additionally, studies have shown that training people on new attacking methods than only focusing on technical and sophisticated security mechanisms can minimize possibilities of SE attacks [17,18]. Thus, the degree of awareness varies between organizations and professions.…”

Section: Introductionmentioning

confidence: 99%

Investigating the Experience of Social Engineering Victims: Exploratory and User Testing Study

2021

View full text Add to dashboard Cite

The advent of mobile technologies and social network applications has led to an increase in malicious scams and social engineering (SE) attacks which are causing loss of money and breaches of personal information. Understanding how SE attacks spread can provide useful information in curbing them. Artificial Intelligence (AI) has demonstrated efficacy in detecting SE attacks, but the acceptability of such a detection approach is yet to be investigated across users with different levels of SE awareness. This paper conducted two studies: (1) exploratory study where qualitative data were collected from 20 victims of SE attacks to inform the development of an AI-based tool for detecting fraudulent messages; and (2) a user testing study with 48 participants with different occupations to determine the detection tool acceptability. Overall, six major themes emerged from the victims’ actions “experiences: reasons for falling for attacks; attack methods; advice on preventing attacks; detection methods; attack context and victims”. The user testing study showed that the AI-based tool was accepted by all users irrespective of their occupation. The categories of users’ occupations can be attributed to the level of SE awareness. Information security awareness should not be limited to organizational levels but extend to social media platforms as public information.

show abstract

A novel tamper detection watermarking approach for improving image integrity

AlShaikh

2022

Multimed Tools Appl

View full text Add to dashboard Cite

Survey of Non-malicious User Actions that Introduce Network and System Vulnerabilities and Exploits

Cited by 4 publications

References 5 publications

Understanding and deciphering of social engineering attack scenarios

Understanding and deciphering of social engineering attack scenarios

Investigating the Experience of Social Engineering Victims: Exploratory and User Testing Study

A novel tamper detection watermarking approach for improving image integrity

Contact Info

Product

Resources

About