Social Engineering

Aspectual Human Performance Variability in Social Engineering Attacks

ABSTRACT

Most of the influence and persuasion techniques used in social engineering have been documented across many domains, including cybersecurity, and have been shown to rely on similar effect mechanisms used in areas such as marketing, scams, and street cons. This paper shows that, while these attacks are explained in terms of the social and psychological effect mechanisms, the aspectual lens provides a more nuanced understanding of human performance variability implicated in social engineering. The aspectual lens provides a comprehensive analytical and ontological framing, and hints at aspectually informed measures for mitigating social engineering attacks and dampening the said human performance variability.

An Assessment of End-user Vulnerability to Phishing Attacks

ABSTRACT

Phishing has grown to become a significant threat to unsuspecting Internet users. This paper investigates user susceptibility to such attacks by assessing the degree to which they can differentiate between phishing messages and those that are genuine. A web-based survey was used to present a mix of 20 legitimate and illegitimate emails, and participants were asked to classify them and explain the rationale for their decisions. A total of 179 participants were involved in the study, and results reveal that they were 36% successful in identifying legitimate emails and 45% successful in spotting illegitimate ones. Additionally, in many cases, the participants who identified illegitimate emails correctly could not provide convincing reasons for their selections.

Hacking the Human: Countering the Socially Engineered Attack

ABSTRACT

The security model developed here suggests that a focus on systemic changes to an organisation’s processes can produce improved security. This model of security is novel in that it is designed to ease reliance on the human within the system, therefore reducing the likelihood and impact of social engineering attacks. It highlights the layer of human protection and the systemic protection that can be placed around information. This layered approach to security is original in that it is applied in a social engineering context. The model is then used to map the attacks and their respective countermeasures.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.


Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  • ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

757.510.4574

JIW@ArmisteadTec.com