Understanding and deciphering of social engineering attack scenarios

Yasin, Affan; Fatima, Rubia; Lin, Liu; Wang, Jianmin; Ali, Raian; Wei, Ziqi

doi:10.1002/spy2.161

Cited by 9 publications

(20 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Using social engineering knowledge to improve requirements engineering : Through our research studies on social engineering and phishing attacks, 31 which are related to information security, we are able to extract valuable insight and knowledge. From the knowledge gained from previous research study, 32,33 we found that social engineers are excellent elicitors of target victim information requirements. For better understanding, social engineers can be seen as a detective piecing together clues to a crime.…”

Section: Design Rationale and Explanation Of The Proposed Activitymentioning

confidence: 86%

“…In general, persuasion seeks to influence an audience's perception or behavior with the intent of achieving a specific result." 34 In this research study, we have utilized different persuasion techniques in the design of the activity such as (i) time pressure, 33 (ii) trust, 35 and (iii) curiosity. 36 One of the benefits of implementing time pressure in the activity design is that the players can face time pressure thereby increasing the chances of making mistakes and will be helpful in getting or deciding the winner.…”

Section: Design Rationale and Explanation Of The Proposed Activitymentioning

confidence: 99%

“…Persuasion can be defined as follows: “Influencing someone's beliefs, attitudes, or behaviors to get them to act or think in a certain way is persuasion. In general, persuasion seeks to influence an audience's perception or behavior with the intent of achieving a specific result.” 34 In this research study, we have utilized different persuasion techniques in the design of the activity such as (i) time pressure, 33 (ii) trust, 35 and (iii) curiosity 36 …”

Section: Design Rationale and Explanation Of The Proposed Activitymentioning

confidence: 99%

See 2 more Smart Citations

Gamifying requirements: An empirical analysis of game‐based technique for novices

Yasin,

Fatima,

JiangBin

et al. 2023

J Software Evolu Process

Self Cite

View full text Add to dashboard Cite

Requirements elicitation is a process that involves gathering requirements for a given project. Several studies have been published suggesting strategies to improve the requirements gathering process. Using game‐based and crowd‐based approaches, researchers are extracting requirements that are useful for product development today. This study follows the same line of research. This research study aims to improve the understanding of the requirements gathering process by novices or students through different activities: (I) knowledge of requirements gathering method and (II) techniques or activities viable for software requirements (education). Important methods used to address the above objectives are as follows: (I) a comprehensive review of the literature to understand requirements gathering; (II) designing an activity to embed RE challenges and RE sub‐activities; and (III) experiment, survey, and observation to collect data and to assess the proposed methods' effectiveness. The suggested activity for requirement gathering is based on the game tic‐tac‐toe. The participants suggest that the design of the activity is helpful in brainstorming and is also valuable for identifying requirements; moreover, a post questionnaire has been designed to determine the learning of the participants regarding the proposed activity. We can observe simply from the coefficients that both skills and challenges (as perceived by the participants) have positive impacts on engagement, immersion, and perceived learning. The proposed activity helps novices or students gain (basic) knowledge of the requirements gathering process/technique; the outlined activity can be a way of learning requirements and gathering knowledge (basic). From this study, we conclude that the proposed activity has positive results and is helpful for participants to get a better understanding of the requirements engineering method(s).

show abstract

Section: Design Rationale and Explanation Of The Proposed Activitymentioning

confidence: 86%

Section: Design Rationale and Explanation Of The Proposed Activitymentioning

confidence: 99%

Section: Design Rationale and Explanation Of The Proposed Activitymentioning

confidence: 99%

See 1 more Smart Citation

Gamifying requirements: An empirical analysis of game‐based technique for novices

Yasin,

Fatima,

JiangBin

et al. 2023

J Software Evolu Process

Self Cite

View full text Add to dashboard Cite

show abstract

“…Complicating the thinking process [67][68][69] Language plays an integral role in the thought process for social interaction. This reliance can create an opportunity to invoke 'thinking confusion' through language.…”

Section: Sub-domains Of Language/reasoning Descriptionmentioning

confidence: 99%

A Study on the Psychology of Social Engineering-Based Cyberattacks and Existing Countermeasures

2022

View full text Add to dashboard Cite

As cybersecurity strategies become more robust and challenging, cybercriminals are mutating cyberattacks to be more evasive. Recent studies have highlighted the use of social engineering by criminals to exploit the human factor in an organization’s security architecture. Social engineering attacks exploit specific human attributes and psychology to bypass technical security measures for malicious acts. Social engineering is becoming a pervasive approach used for compromising individuals and organizations (is relatively more convenient to compromise a human compared to discovering a vulnerability in the security system). Social engineering-based cyberattacks are extremely difficult to counter as they do not follow specific patterns or approaches for conducting an attack, making them highly effective, efficient, easy, and obscure approaches for compromising any organization. To counter such attacks, a better understanding of the attack tactics is highly essential. Hence, this paper provides an in-depth analysis of the approaches used to conduct social engineering-based cyberattacks. This study discusses human vulnerabilities employed by criminals in recent security breaches. Further, the paper highlights the existing approaches, including machine learning-based methods, to counter social engineering-based cyberattacks.

show abstract

“…Yasin et al 16 postulated a Social engineering analysis framework which may be applied in higher education in mitigating social engineering attacks. The framework is composed of social role analysis which examined who is the victim in the attack and the social expectation.…”

Section: Nature Of Software Engineering Attacksmentioning

confidence: 99%

Enhanced social engineering framework mitigating against social engineering attacks in higher education

Matyokurehwa

Rudhumbu

Gombiro

et al. 2022

Security and Privacy

View full text Add to dashboard Cite

The purpose of this paper was to develop and validate an enhanced social engineering framework to mitigate against social engineering attacks. The study formulated a theoretical framework which was informed by the strengths and weaknesses of existing social engineering frameworks, the framework was also guided by the Dhillon's balanced control theory. The theoretical framework was validated by experts using the Delphi technique which comprised of three rounds. A sample of 25 experts from three higher education institutions which met the inclusion criteria were selected. The study was guided by the interpretivism philosophy to get a deep understanding of the phenomenon under study. The findings reveal that social engineering awareness, organizational security policy and Internet of Things (IOT) security succor in reducing social engineering attacks. The findings from this study will be utilized by decision makers in higher education sector to come up with engaging social engineering training programs, set up an organizational security policy and preclude IOT attacks to mitigate social engineering attacks in higher education. The study contributes to the field of social engineering with an enhanced social engineering framework that mitigate against social engineering attacks. The study adds to under-represented social engineering framework in higher education.

show abstract

Understanding and deciphering of social engineering attack scenarios

Cited by 9 publications

References 32 publications

Gamifying requirements: An empirical analysis of game‐based technique for novices

Gamifying requirements: An empirical analysis of game‐based technique for novices

A Study on the Psychology of Social Engineering-Based Cyberattacks and Existing Countermeasures

Enhanced social engineering framework mitigating against social engineering attacks in higher education

Contact Info

Product

Resources

About