161 resultados para phishing emails
Resumo:
This paper is a work in progress that examines current consumer engagement with eHealth information through Smartphones or tablets. We focus on three activity types: seeking, posting and ‘other’ engagement activity and compare two age groups, 25-40s and over 40-55s. Findings show that around 30% of the younger age group is engaging with Government and other Health providers’ websites, receiving eHealth emails, and reading other people’s comments about health related issues in online discussion groups/websites/blog. Approximately 20% engage with Government and other Health providers’ social media and watch or listen to audio or video podcasts. For the older age group, their most active engagement with eHealth information is in the seeking category through Government or other health websites (approximately 15%), and less than 10% for social media sites. Their posting activity is less than 5%. Other activities show that less than 15% of the older age group engages through receiving emails and reading blogs, less than 10% watch or listen to podcasts, and their online consulting activity is less than 7%. We note that scores are low for both groups in terms of engaging with eHealth information through Twitter.
Resumo:
The QUT Outdoor Worker Sun Protection (OWSP) project undertook a comprehensive applied health promotion project to demonstrate the effectiveness of sun protection measures which influence high risk outdoor workers in Queensland to adopt sun safe behaviours. The three year project (2010-2013) was driven by two key concepts: 1) The hierarchy of control, which is used to address risks in the workplace, advocates for six control measures that need to be considered in order of priority (refer to Section 3.4.2); and 2) the Ottawa Charter which recommends five action means to achieve health promotion (refer to Section 2.1). The project framework was underpinned by a participatory action research approach that valued peoples’ input, took advantage of existing skills and resources, and stimulated innovation (refer to Section 4.2). Fourteen workplaces (small and large) with a majority outdoor workforce were recruited across regional Queensland (Darling Downs, Northwest, Mackay and Cairns) from four industries types: 1) building and construction, 2) rural and farming, 3) local government, and 4) public sector. A workplace champion was identified at each workplace and was supported (through resource provision, regular contact and site visits) over a 14 to 18 month intervention period to make sun safety a priority in their workplace. Employees and employers were independently assessed for pre- and postintervention sun protection behaviours. As part of the intervention, an individualised sun safety action plan was developed in conjunction with each workplace to guide changes across six key strategy areas including: 1) Policy (e.g., adopt sun safety practices during all company events); 2) Structural and environmental (e.g., shade on worksites; eliminate or minimise reflective surfaces); 3) Personal protective equipment (PPE) (e.g., trial different types of sunscreens, or wide-brimmed hats); 4) Education and awareness (e.g., include sun safety in inductions and toolbox talks; send reminder emails or text messages to workers);5) Role modelling (e.g., by managers, supervisors, workplace champions and mentors); and 6) Skin examinations (e.g., allow time off work for skin checks). The participatory action process revealed that there was no “one size fits all” approach to sun safety in the workplace; a comprehensive, tailored approach was fundamental. This included providing workplaces with information, resources, skills, know how, incentives and practical help. For example, workplaces engaged in farming complete differing seasonal tasks across the year and needed to prepare for optimal sun safety of their workers during less labour intensive times. In some construction workplaces, long pants were considered a trip hazard and could not be used as part of a PPE strategy. Culture change was difficult to achieve and workplace champions needed guidance on the steps to facilitate this (e.g., influencing leaders through peer support, mentoring and role modelling). With the assistance of the project team the majority of workplaces were able to successfully implement the sun safety strategies contained within their action plans, up skilling them in the evidence for sun safety, how to overcome barriers, how to negotiate with all relevant parties and assess success. The most important enablers to the implementation of a successful action plan were a pro-active workplace champion, strong employee engagement, supportive management, the use of highly visual educational resources, and external support (provided by the project team through regular contact either directly through phone calls or indirectly through emails and e-newsletters). Identified barriers included a lack of time, the multiple roles of workplace champions, (especially among smaller workplaces), competing issues leading to a lack of priority for sun safety, the culture of outdoor workers, and costs or budgeting constraints. The level of sun safety awareness, knowledge, and sun protective behaviours reported by the workers increased between pre-and post-intervention. Of the nine sun protective behaviours that were assessed, the largest changes reported included a 26% increase in workers who “usually or always” wore a broad-brimmed hat, a 20% increase in the use of natural shade, a 19% increase in workers wearing long-sleeved collared shirts, and a 16% increase in workers wearing long trousers.
Resumo:
Even though web security protocols are designed to make computer communication secure, it is widely known that there is potential for security breakdowns at the human-machine interface. This paper examines findings from a qualitative study investigating the identification of security decisions used on the web. The study was designed to uncover how security is perceived in an individual user's context. Study participants were tertiary qualified individuals, with a focus on HCI designers, security professionals and the general population. The study identifies that security frameworks for the web are inadequate from an interaction perspective, with even tertiary qualified users having a poor or partial understanding of security, of which they themselves are acutely aware. The result is that individuals feel they must protect themselves on the web. The findings contribute a significant mapping of the ways in which individuals reason and act to protect themselves on the web. We use these findings to highlight the need to design for trust at three levels, and the need to ensure that HCI design does not impact on the users' main identified protection mechanism: separation.
Resumo:
There is no doubt that social engineering plays a vital role in compromising most security defenses, and in attacks on people, organizations, companies, or even governments. It is the art of deceiving and tricking people to reveal critical information or to perform an action that benefits the attacker in some way. Fraudulent and deceptive people have been using social engineering traps and tactics using information technology such as e-mails, social networks, web sites, and applications to trick victims into obeying them, accepting threats, and falling victim to various crimes and attacks such as phishing, sexual abuse, financial abuse, identity theft, impersonation, physical crime, and many other forms of attack. Although organizations, researchers, practitioners, and lawyers recognize the severe risk of social engineering-based threats, there is a severe lack of understanding and controlling of such threats. One side of the problem is perhaps the unclear concept of social engineering as well as the complexity of understand human behaviors in behaving toward, approaching, accepting, and failing to recognize threats or the deception behind them. The aim of this paper is to explain the definition of social engineering based on the related theories of the many related disciplines such as psychology, sociology, information technology, marketing, and behaviourism. We hope, by this work, to help researchers, practitioners, lawyers, and other decision makers to get a fuller picture of social engineering and, therefore, to open new directions of collaboration toward detecting and controlling it.
Resumo:
E-mail spam has remained a scourge and menacing nuisance for users, internet and network service operators and providers, in spite of the anti-spam techniques available; and spammers are relentlessly circumventing these anti-spam techniques embedded or installed in form of software products on both client and server sides of both fixed and mobile devices to their advantage. This continuous evasion degrades the capabilities of these anti-spam techniques as none of them provides a comprehensive reliable solution to the problem posed by spam and spammers. Major problem for instance arises when these anti-spam techniques misjudge or misclassify legitimate emails as spam (false positive); or fail to deliver or block spam on the SMTP server (false negative); and the spam passes-on to the receiver, and yet this server from where it originates does not notice or even have an auto alert service to indicate that the spam it was designed to prevent has slipped and moved on to the receiver’s SMTP server; and the receiver’s SMTP server still fail to stop the spam from reaching user’s device and with no auto alert mechanism to inform itself of this inability; thus causing a staggering cost in loss of time, effort and finance. This paper takes a comparative literature overview of some of these anti-spam techniques, especially the filtering technological endorsements designed to prevent spam, their merits and demerits to entrench their capability enhancements, as well as evaluative analytical recommendations that will be subject to further research.
Resumo:
Social Engineering (ES) is now considered the great security threat to people and organizations. Ever since the existence of human beings, fraudulent and deceptive people have used social engineering tricks and tactics to trick victims into obeying them. There are a number of social engineering techniques that are used in information technology to compromise security defences and attack people or organizations such as phishing, identity theft, spamming, impersonation, and spaying. Recently, researchers have suggested that social networking sites (SNSs) are the most common source and best breeding grounds for exploiting the vulnerabilities of people and launching a variety of social engineering based attacks. However, the literature shows a lack of information about what types of social engineering threats exist on SNSs. This study is part of a project that attempts to predict a persons’ vulnerability to SE based on demographic factors. In this paper, we demonstrate the different types of social engineering based attacks that exist on SNSs, the purposes of these attacks, reasons why people fell (or did not fall) for these attacks, based on users’ opinions. A qualitative questionnaire-based survey was conducted to collect and analyse people’s experiences with social engineering tricks, deceptions, or attacks on SNSs.
Resumo:
Social networking sites (SNSs), with their large number of users and large information base, seem to be the perfect breeding ground for exploiting the vulnerabilities of people, who are considered the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” Fraudulent and deceptive people use social engineering traps and tactics through SNSs to trick users into obeying them, accepting threats, and falling victim to various crimes such as phishing, sexual abuse, financial abuse, identity theft, and physical crime. Although organizations, researchers, and practitioners recognize the serious risks of social engineering, there is a severe lack of understanding and control of such threats. This may be partly due to the complexity of human behaviors in approaching, accepting, and failing to recognize social engineering tricks. This research aims to investigate the impact of source characteristics on users’ susceptibility to social engineering victimization in SNSs, particularly Facebook. Using grounded theory method, we develop a model that explains what and how source characteristics influence Facebook users to judge the attacker as credible.
Resumo:
Phishing and related cybercrime is responsible for billions of dollars in losses annually. Gartner reported more than 5 million U.S. consumers lost money to phishing attacks in the 12 months ending in September 2008 (Gartner 2009). This paper asks whether the majority of organised phishing and related cybercrime originates in Eastern Europe rather than elsewhere such as China or the USA. The Russian “Mafiya” in particular has been popularised by the media and entertainment industries to the point where it can be hard to separate fact from fiction but we have endeavoured to look critically at the information available on this area to produce a survey. We take a particular focus on cybercrime from an Australian perspective, as Australia was one of the first places where Phishing attacks against Internet banks were seen. It is suspected these attacks came from Ukrainian spammers. The survey is built from case studies both where individuals from Eastern Europe have been charged with related crimes or unsolved cases where there is some nexus to Eastern Europe. It also uses some earlier work done looking at those early Phishing attacks, archival analysis of Phishing attacks in July 2006 and new work looking at correlation between the Corruption Perception Index, Internet penetration and tertiary education in Russia and the Ukraine. The value of this work is to inform and educate those charged with responding to cybercrime where a large part of the problem originates and try to understand why.
Resumo:
"Information Thru Play: In 2010, responding to the success of The Threshold, Juxt Interactive again asked No Mimes Media, to partner in creating a transmedia experience to entertain and inform Cisco's Global Sales Force. The Hunt put employees at the center of a thriller where characters sent and responded to their emails, left phone messages, communicated through Facebook and Twitter, even asked them to retrieve items from a dead drop and to send them photographs and information. And while helping fictional characters Isabel and Keith escape an ancient secret organization, the sales force also learned about new Cisco technologies coming to market. Cisco had new demands for the 2010 experience. A geographically and culturally dispersed sales force raises challenges when it comes to introducing dozens of new products and technologies each year. Cisco wanted The Hunt to have global reach, to educate, to build collaboration, and to be fun. This demanded new ways of storytelling and new ways of thinking. The Hunt was quick and intense, unfolding in real time in just two weeks. Many experienced players were poised to participate and expectations were high. Many of the mechanics of the previous year's experience were repeated, and the audience ripped through the opening, discovering video clips and websites in minutes. The surprise was discovering Facebook and Twitter accounts, where characters responded to player postings and comments in real time. The Hunt involved audience members from countries around the world, including China, India, Netherlands, Germany, Norway, Pakistan, Japan, the United Kingdom, and the United States. It highlighted new Cisco technologies like Pulse and Mediator, painlessly engaging the audience in what those technologies do and how they work. Players collaborated across silos, creating networks of cross-disciplinary experts. The Hunt pushed the boundaries of storytelling, with events unfolding on Twitter and Facebook, and in the real world where the audience had to use social engineering to find and secure a package with vital information. With thousands of players highly engaged around the world, The Hunt once again proved that transmedia experiences can effectively be used to not only meet the goals of a brand, but entertain their audience as well."
Resumo:
Organisations employ Enterprise Social Networks (ESNs) (such as Yammer) expecting better intra-organisational communication and collaboration. However, ESNs are struggling to gain momentum and wide adoption among users. Promoting user participation is a challenge, particularly in relation to lurkers – the silent ESN members who do not contribute any content. Building on behaviour change research, we propose a three-route model consisting of the central, peripheral and coercive routes of influence that depict users’ cognitive strategies, and we examine how management interventions (e.g. sending promotional emails) impact users’ beliefs and (consequent) posting and lurking behaviours in ESNs. Furthermore, we identify users’ salient motivations to lurk or post. We employ a multi-method research design to conceptualise, operationalise and validate the research model. This study has implications for academics and practitioners regarding the nature, patterns and outcomes of management interventions in prompting ESN.
Resumo:
1. Introduction The success of self-regulation, in terms of enhancing older drivers’ safety and maintaining their mobility, depends largely upon older drivers’ awareness of the declines in their driving abilities. Therefore, interventions targeted at increasing older drivers’ safety should aim to enhance their awareness of their physical, sensory and cognitive limitations. Moreover, previous research suggests that driving behaviour change may occur through stages and that interventions and feedback may be perceived differently at each stage. 2. Study aims To further understand the process of driving self-regulation among older adults by exploring their perceptions and experiences of self-regulation, using the PAPM as a framework. To investigate the possible impact of feedback on their driving on their decision making process. 3. Methodology Research tool: Qualitative focus groups (n=5 sessions) Recruitment: Posters, media, newspaper advertisement and emails Inclusion criteria: Aged 70 or more, English-speaking, current drivers Participants: Convenience sample of 27 men and women aged 74 to 90 in the Sunshine Coast and Brisbane city, Queensland, Australia. 4. Analysis Thematic analysis was conducted following the process outlined by Braun and Clarke (2006) to identify, analyse and report themes within the data. Four main themes were identified.
Resumo:
There is a strong sense of negativity associated with online fraud victimization. Despite an increasing awareness, understanding about the reality of victimization experiences is not apparent. Rather, victims of online fraud are constructed as greedy and gullible and there is an overwhelming sense of blame and responsibility levelled at them for the actions that led to their losses. This belief transcends both non-victims and victims. The existence of this victim-blaming discourse is significant. Based on interviews with 85 seniors across Queensland, Australia, who received fraudulent emails, this article establishes the victim-blaming discourse as an overwhelmingly powerful and controlling discourse about online fraud victimization. However, the article also examines how humour acts as a tool to reinforce this discourse by isolating victims and impacting on their ability to disclose to those around them. Identifying and challenging this victim-blaming discourse, as well as the role of humour and its social acceptance, is a first step in the facilitation of victim recovery and future well-being.
Resumo:
Past research has suggested that social engineering poses the most significant security risk. Recent studies have suggested that social networking sites (SNSs) are the most common source of social engineering attacks. The risk of social engineering attacks in SNSs is associated with the difficulty of making accurate judgments regarding source credibility in the virtual environment of SNSs. In this paper, we quantitatively investigate source credibility dimensions in terms of social engineering on Facebook, as well as the source characteristics that influence Facebook users to judge an attacker as credible, therefore making them susceptible to victimization. Moreover, in order to predict users’ susceptibility to social engineering victimization based on their demographics, we investigate the effectiveness of source characteristics on different demographic groups by measuring the consent intentions and behavior responses of users to social engineering requests using a role-play experiment.
Resumo:
Past research has suggested that social networking sites are the most common source for social engineering-based attacks. Persuasion research shows that people are more likely to obey and accept a message when the source’s presentation appears to be credible. However, many factors can impact the perceived credibility of a source, depending on its type and the characteristics of the environment. Our previous research showed that there are four dimensions of source credibility in terms of social engineering on Facebook: perceived sincerity, perceived competence, perceived attraction, and perceived worthiness. Because the dimensionalities of source credibility as well as their measurement scales can fluctuate from one type of source to another and from one type of context to another, our aim in this study includes validating the existence of those four dimensions toward the credibility of social engineering attackers on Facebook and developing a valid measurement scale for every dimension of them.
Resumo:
Survey methods were engaged to measure the change in use and knowledge of climate information by pastoralists in western Queensland. The initial mail survey was undertaken in 2000-01 (n=43) and provided a useful benchmark of pastoralists climate knowledge. Two years of climate applications activities were completed and clients were re-surveyed in 2003 (n=49) to measure the change in knowledge and assess the effectiveness of the climate applications activities. Two methods were used to assess changes in client knowledge, viz., self-assessment and test questions. We found that the use of seasonal climate forecasts in decision making increased from 36% in 2001 (n=42) to 51% in 2003 (n=49) (P=0.07). The self-assessment technique was unsatisfactory as a measure of changing knowledge over short periods (1-3 years), but the test question technique was successful and indicated an improvement in climate knowledge among respondents. The increased levels of use of seasonal climate forecasts in management and improved knowledge was partly attributed to the climate applications activities of the project. Further, those who used seasonal forecasting (n=25) didn't understand key components of forecasts (e.g. probability, median) better than those who didn't use seasonal forecasts (n=24) (P>0.05). This identifies the potential for misunderstanding and misinterpretation of forecasts among users and highlights the need for providers of forecasts to understand the difficulties and prepare simply written descriptions of forecasts and disseminate these with the maps showing probabilities. The most preferred means of accessing climate information were internet, email, 'The Season Ahead' newsletter and newspaper. The least preferred were direct contact with extension officers and attending field days and group meetings. Eighty-six percent of respondents used the internet and 67% used ADSL broadband internet (April 2003). Despite these findings, extension officers play a key role in preparing and publishing the information on the web, in emails and newsletters. We also believe that direct contact with extension officers trained in climate applications is desirable in workshop-like events to improve knowledge of the difficult concepts underpinning climate forecasts, which may then stimulate further adoption.
