Fraud and its PREY : conceptualising social engineering tactics and its impact on financial literacy outcomes

Financial literacy may not be as effective as previously thought in protecting against fraud victimisation. It does not inoculate investors from persuasion or social engineering tactics used by offenders to secure investment in fraudulent schemes. In fact, recent research indicates that overconfidence in investment knowledge may make individuals more susceptible to fraud. Using boiler room fraud as a case study, this article introduces the PREY (Profiled, Relational, Exploitable and Yielding) model to capture the psychological tactics used by fraud perpetrators to influence the thoughts and decision-making processes of individuals. The PREY model operationalizes the tenets of social engineering and demonstrates how such tactics could be re-engineered to increase the effectiveness of fraud prevention within the financial literacy context.

Social engineering in social networking sites : phase-based and source-based models

Social networking sites (SNSs), with their large numbers of users and large information base, seem to be perfect breeding grounds for exploiting the vulnerabilities of people, the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” While technology-based security has been addressed by research and may be well understood, social engineering is more challenging to understand and manage, especially in new environments such as SNSs, owing to some factors of SNSs that reduce the ability of users to detect the attack and increase the ability of attackers to launch it. This work will contribute to the knowledge of social engineering by presenting the first two conceptual models of social engineering attacks in SNSs. Phase-based and source-based models are presented, along with an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.

Social engineering in social networking sites : affect-based model

While social engineering represents a real and ominous threat to many organizations, companies, governments, and individuals, social networking sites (SNSs), have been identified as among the most common means of social engineering attacks. Owing to factors that reduce the ability of users to detect social engineering tricks and increase the ability of attackers to launch them, SNSs seem to be perfect breeding ground for exploiting the vulnerabilities of people, and the weakest link in security. This work will contribute to the knowledge of social engineering by identifying different entities and subentities that affect social engineering based attacks in SNSs. Moreover, this paper includes an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.

Toward understanding social engineering

There is no doubt that social engineering plays a vital role in compromising most security defenses, and in attacks on people, organizations, companies, or even governments. It is the art of deceiving and tricking people to reveal critical information or to perform an action that benefits the attacker in some way. Fraudulent and deceptive people have been using social engineering traps and tactics using information technology such as e-mails, social networks, web sites, and applications to trick victims into obeying them, accepting threats, and falling victim to various crimes and attacks such as phishing, sexual abuse, financial abuse, identity theft, impersonation, physical crime, and many other forms of attack. Although organizations, researchers, practitioners, and lawyers recognize the severe risk of social engineering-based threats, there is a severe lack of understanding and controlling of such threats. One side of the problem is perhaps the unclear concept of social engineering as well as the complexity of understand human behaviors in behaving toward, approaching, accepting, and failing to recognize threats or the deception behind them. The aim of this paper is to explain the definition of social engineering based on the related theories of the many related disciplines such as psychology, sociology, information technology, marketing, and behaviourism. We hope, by this work, to help researchers, practitioners, lawyers, and other decision makers to get a fuller picture of social engineering and, therefore, to open new directions of collaboration toward detecting and controlling it.

Social engineering in social networking sites : how good becomes evil

Social Engineering (ES) is now considered the great security threat to people and organizations. Ever since the existence of human beings, fraudulent and deceptive people have used social engineering tricks and tactics to trick victims into obeying them. There are a number of social engineering techniques that are used in information technology to compromise security defences and attack people or organizations such as phishing, identity theft, spamming, impersonation, and spaying. Recently, researchers have suggested that social networking sites (SNSs) are the most common source and best breeding grounds for exploiting the vulnerabilities of people and launching a variety of social engineering based attacks. However, the literature shows a lack of information about what types of social engineering threats exist on SNSs. This study is part of a project that attempts to predict a persons’ vulnerability to SE based on demographic factors. In this paper, we demonstrate the different types of social engineering based attacks that exist on SNSs, the purposes of these attacks, reasons why people fell (or did not fall) for these attacks, based on users’ opinions. A qualitative questionnaire-based survey was conducted to collect and analyse people’s experiences with social engineering tricks, deceptions, or attacks on SNSs.

Social engineering in social networking sites : the art of impersonation

Social networking sites (SNSs), with their large number of users and large information base, seem to be the perfect breeding ground for exploiting the vulnerabilities of people, who are considered the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” Fraudulent and deceptive people use social engineering traps and tactics through SNSs to trick users into obeying them, accepting threats, and falling victim to various crimes such as phishing, sexual abuse, financial abuse, identity theft, and physical crime. Although organizations, researchers, and practitioners recognize the serious risks of social engineering, there is a severe lack of understanding and control of such threats. This may be partly due to the complexity of human behaviors in approaching, accepting, and failing to recognize social engineering tricks. This research aims to investigate the impact of source characteristics on users’ susceptibility to social engineering victimization in SNSs, particularly Facebook. Using grounded theory method, we develop a model that explains what and how source characteristics influence Facebook users to judge the attacker as credible.

Susceptibility to social engineering in social networking sites: The case of Facebook

Past research has suggested that social engineering poses the most significant security risk. Recent studies have suggested that social networking sites (SNSs) are the most common source of social engineering attacks. The risk of social engineering attacks in SNSs is associated with the difficulty of making accurate judgments regarding source credibility in the virtual environment of SNSs. In this paper, we quantitatively investigate source credibility dimensions in terms of social engineering on Facebook, as well as the source characteristics that influence Facebook users to judge an attacker as credible, therefore making them susceptible to victimization. Moreover, in order to predict users’ susceptibility to social engineering victimization based on their demographics, we investigate the effectiveness of source characteristics on different demographic groups by measuring the consent intentions and behavior responses of users to social engineering requests using a role-play experiment.

Measuring source credibility of social engineering attackers on Facebook

Past research has suggested that social networking sites are the most common source for social engineering-based attacks. Persuasion research shows that people are more likely to obey and accept a message when the source’s presentation appears to be credible. However, many factors can impact the perceived credibility of a source, depending on its type and the characteristics of the environment. Our previous research showed that there are four dimensions of source credibility in terms of social engineering on Facebook: perceived sincerity, perceived competence, perceived attraction, and perceived worthiness. Because the dimensionalities of source credibility as well as their measurement scales can fluctuate from one type of source to another and from one type of context to another, our aim in this study includes validating the existence of those four dimensions toward the credibility of social engineering attackers on Facebook and developing a valid measurement scale for every dimension of them.

The social and political underpinnings of the inclusive education movement

In this chapter we look at inclusive education as part of a number of wider social movements for social justice. Inclusive education is thus understood as a transformation of education systems, rather than simply the addition of new groups of students to schools, or the development of new techniques (Slee, 2006). We illustrate the ways movements for social change can occur at many levels. Resistance to social change also occurs at many levels. Movements for social justice often include a goal of changing what happens in education. This is because education is often seen as one of the important social institutions that can reinforce the status quo. Education is also seen as an important means of changing the status quo, giving more people access to a more meaningful education. It’s not uncommon to hear various political parties criticising each other’s educational policies as ‘social engineering.’ Movements for social justice in education understand that education has always been about social engineering. The questions of interest are thus: Social engineering for what?; Who benefits; and At whose expense?

Cyber crime and its implications to the Pacific

Introduction Cybercrime consists of any criminal action or behaviour that is committed through the use of Information Technology. Common examples of such activities include cyber hacking, identity theft, cracking, spamming, social engineering, data tampering, online fraud, programming attacks, etc. The pervasive use of the internet clearly indicates that the impacts of cybercrime is far reaching and any one, may it be a person or an entity can be a victim of cybercriminal activities. Recently in the US, eight members of a global cybercrime ring were charged in one of the biggest ever bank heists. The cybercrime gang allegedly stole US$45 million by hacking into credit card processing firms and withdrawing money from ATMs in 27 countries (Jessica et al. 2013). An extreme example, the above case highlights how IT is changing the way crimes are being committed. No longer do criminals use masks, guns and get-a-way cars, criminals are able to commit crimes in the comfort of their homes, millions of miles from the scene of the crime and can access significant sums of money that can financially cripple organisations. The world is taking notice of this growing threat and organisations in the Pacific must also be proactive in tackling this emerging issue.

The hunt

"Information Thru Play: In 2010, responding to the success of The Threshold, Juxt Interactive again asked No Mimes Media, to partner in creating a transmedia experience to entertain and inform Cisco's Global Sales Force. The Hunt put employees at the center of a thriller where characters sent and responded to their emails, left phone messages, communicated through Facebook and Twitter, even asked them to retrieve items from a dead drop and to send them photographs and information. And while helping fictional characters Isabel and Keith escape an ancient secret organization, the sales force also learned about new Cisco technologies coming to market. Cisco had new demands for the 2010 experience. A geographically and culturally dispersed sales force raises challenges when it comes to introducing dozens of new products and technologies each year. Cisco wanted The Hunt to have global reach, to educate, to build collaboration, and to be fun. This demanded new ways of storytelling and new ways of thinking. The Hunt was quick and intense, unfolding in real time in just two weeks. Many experienced players were poised to participate and expectations were high. Many of the mechanics of the previous year's experience were repeated, and the audience ripped through the opening, discovering video clips and websites in minutes. The surprise was discovering Facebook and Twitter accounts, where characters responded to player postings and comments in real time. The Hunt involved audience members from countries around the world, including China, India, Netherlands, Germany, Norway, Pakistan, Japan, the United Kingdom, and the United States. It highlighted new Cisco technologies like Pulse and Mediator, painlessly engaging the audience in what those technologies do and how they work. Players collaborated across silos, creating networks of cross-disciplinary experts. The Hunt pushed the boundaries of storytelling, with events unfolding on Twitter and Facebook, and in the real world where the audience had to use social engineering to find and secure a package with vital information. With thousands of players highly engaged around the world, The Hunt once again proved that transmedia experiences can effectively be used to not only meet the goals of a brand, but entertain their audience as well."

Love hurts: The costly reality of online romance fraud

Online dating and romance scams continue to lure in Australians with figures this week showing people have lost more than A$23 million this year alone, with average individual losses at A$21,000 – three times higher than other types of fraud. The Australian Competition and Consumer Commission (ACCC) set up the Scam Disruption Project in August to help target those it believes have been caught in such scams. Over three months it sent 1,500 letters to potential victims in New South Wales and the Australian Capital Territory. The figures released this week show that 50 people have been scammed, losing a total A$1.7 million – that’s an average of A$34,000 per victim. Almost three quarters of the scams were dating and romance related, which saw it evolve into the number one category of fraud victimisation. Romance scams continue to pose a problem – despite the efforts of the police and ACCC – so why is it that people continue to fall for them?

Dancing into the second phase of creative industries

As we enter the second phase of creative industries there is a shift away from the early 1990s ideology of the arts as a creative content provider for the wealth generating ‘knowledge’ economy to an expanded rhetoric encompassing ‘cultural capital’ and its symbolic value. A renewed focus on culture is examined through a regional scan of creative industries in which social engineering of the arts occurs through policy imperatives driven by ‘profit oriented conceptualisations of culture’ (Hornidge 2011, p. 263) In the push for artists to become ‘culturpreneurs’ a trend has emerged where demand for ‘embedded creatives’ (Cunningham 2013) sees an exodus from arts-based employment through use of transferable skills into areas outside the arts. For those that stay, within the performing arts in particular, employment remains project-based, sporadic, underpaid, self-initiated and often self-financed, requiring adaptive career paths. Artist entrepreneurs must balance creation and performance of their art with increasing amounts of time spent on branding, compliance, fundraising and the logistical and commercial requirements of operating in a CI paradigm. The artists’ key challenge thus becomes one of aligning core creative and aesthetic values with market and business considerations. There is also the perceived threat posed by the ‘prosumer’ phenomenon (Bruns 2008), in which digital on-line products are created and produced by those formerly seen as consumers of art or audiences for art. Despite negative aspects to this scenario, a recent study (Steiner & Schneider 2013) reveals that artists are happier and more satisfied than other workers within and outside the creative industries. A lively hybridisation of creative practice is occurring through mobile and interactive technologies with dynamic connections to social media. Continued growth in arts festivals attracts participation in international and transdisciplinary collaborations, whilst cross-sectoral partnerships provide artists with opportunities beyond a socio-cultural setting into business, health, science and education. This is occurring alongside a renewed engagement with place through the rise of cultural precincts in ‘creative cities’ (Florida 2008, Landry 2000), providing revitalised spaces for artists to gather and work. Finally, a reconsideration of the specialist attributes and transferable skills that artists bring to the creative industries suggests ways to dance through both the challenges and opportunities occasioned by the current complexities of arts’ practices.

Using social media to facilitate knowledge transfer in complex engineering environments : a primer for educators

While highly cohesive groups are potentially advantageous they are also often correlated with the emergence of knowledge and information silos based around those same functional or occupational clusters. Consequently, an essential challenge for engineering organisations wishing to overcome informational silos is to implement mechanisms that facilitate, encourage and sustain interactions between otherwise disconnected groups. This paper acts as a primer for those seeking to gain an understanding of the design, functionality and utility of a suite of software tools generically termed social media technologies in the context of optimising the management of tacit engineering knowledge. Underpinned by knowledge management theory and using detailed case examples, this paper explores how social media technologies achieve such goals, allowing for the transfer of knowledge by tapping into the tacit and explicit knowledge of disparate groups in complex engineering environments.

Engineering social awareness in work environments

A growing interest is seen for designing intelligent environments that support personally meaningful, sociable and rich everyday experiences. In this paper we describe an intelligent, large screen display called Panorama that is aimed at supporting and enhancing social awareness within an academic work environment. Panorama is not intended to provide instrumental or other productivity related information. Rather, the goal of Panorama is to enhance social awareness by providing interpersonal and rich information related to co-workers and their everyday interactions in the department. A two-phase assessment of Panorama showed to promote curiosity and interest in exploring different activities in the environment.