The urgency for effective user privacy-education to counter social engineering attacks on secure computer systems

“…Human factors have been mentioned to be the greatest risk and as such require the most focus. Much research has been placed either on education, training and awareness [14], [16], [21], [26] or technical controls. Although each HOT dimension has its own weaknesses or vulnerabilities, as all encompass some human involvement, education can close the gap between all the dimensions (e.g.…”

“…According to Orgill [21], social engineering attacks usually entail two facets namely: the physical aspect (e.g. workplace, online) and the psychological aspect or a combination using both aspects to gain desired information.…”

“…This is also evident in anti-phishing literature as most research focused on technical solutions such as: developing browser toolbars/plug-ins [23] preventative measures, characteristics and email structure [6], [20], [22], algorithms for detecting, identifying and measuring phishing emails and sites [8], [11], [32] and evaluating the effectiveness of web browser toolbar warnings/indicators [4], [7], [12], [31]. Many employees cannot identify the difference between a genuine and a spoofed website [4], [21]. Furthermore, many users are too preoccupied with their primary work duties that they hardly remember to pay attention for web browser security indicators [19].…”

An Enterprise Anti-phishing Framework

“…Human factors have been mentioned to be the greatest risk and as such require the most focus. Much research has been placed either on education, training and awareness [14], [16], [21], [26] or technical controls. Although each HOT dimension has its own weaknesses or vulnerabilities, as all encompass some human involvement, education can close the gap between all the dimensions (e.g.…”

“…According to Orgill [21], social engineering attacks usually entail two facets namely: the physical aspect (e.g. workplace, online) and the psychological aspect or a combination using both aspects to gain desired information.…”

“…This is also evident in anti-phishing literature as most research focused on technical solutions such as: developing browser toolbars/plug-ins [23] preventative measures, characteristics and email structure [6], [20], [22], algorithms for detecting, identifying and measuring phishing emails and sites [8], [11], [32] and evaluating the effectiveness of web browser toolbar warnings/indicators [4], [7], [12], [31]. Many employees cannot identify the difference between a genuine and a spoofed website [4], [21]. Furthermore, many users are too preoccupied with their primary work duties that they hardly remember to pay attention for web browser security indicators [19].…”

An Enterprise Anti-phishing Framework

“…The information that will be gathered can be any available personal or organizational information, such as name, age, work, position, interests, hobbies, address, banks the victims deals with, friends the victim trusts, or even the car a victim dreams to have. Some of the information available might not be useful by its own; however, it can be used by a social engineer to gain more information that is valuable [23].…”

“…Zimbardo (2007), explains that the level of familiarization with problems is different in different people; some believe that a predicament is more relevant to them, while others are not concerned with the same affliction [68]. The extent of activity in this behavior varies depending on the feelings a person attaches to a predicament and the amount of loss that may be incurred in the case that an attack occurs [23]. The knowledge of constraints shows the degree to which people consider their mannerisms to be restrained by issues that are uncontrollable.…”

Social engineering in social networking sites: Affect-based model

Social Engineering