Fraud and its PREY : conceptualising social engineering tactics and its impact on financial literacy outcomes

Financial literacy may not be as effective as previously thought in protecting against fraud victimisation. It does not inoculate investors from persuasion or social engineering tactics used by offenders to secure investment in fraudulent schemes. In fact, recent research indicates that overconfidence in investment knowledge may make individuals more susceptible to fraud. Using boiler room fraud as a case study, this article introduces the PREY (Profiled, Relational, Exploitable and Yielding) model to capture the psychological tactics used by fraud perpetrators to influence the thoughts and decision-making processes of individuals. The PREY model operationalizes the tenets of social engineering and demonstrates how such tactics could be re-engineered to increase the effectiveness of fraud prevention within the financial literacy context.

Social engineering in social networking sites : phase-based and source-based models

Social networking sites (SNSs), with their large numbers of users and large information base, seem to be perfect breeding grounds for exploiting the vulnerabilities of people, the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” While technology-based security has been addressed by research and may be well understood, social engineering is more challenging to understand and manage, especially in new environments such as SNSs, owing to some factors of SNSs that reduce the ability of users to detect the attack and increase the ability of attackers to launch it. This work will contribute to the knowledge of social engineering by presenting the first two conceptual models of social engineering attacks in SNSs. Phase-based and source-based models are presented, along with an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.

Social engineering in social networking sites : affect-based model

While social engineering represents a real and ominous threat to many organizations, companies, governments, and individuals, social networking sites (SNSs), have been identified as among the most common means of social engineering attacks. Owing to factors that reduce the ability of users to detect social engineering tricks and increase the ability of attackers to launch them, SNSs seem to be perfect breeding ground for exploiting the vulnerabilities of people, and the weakest link in security. This work will contribute to the knowledge of social engineering by identifying different entities and subentities that affect social engineering based attacks in SNSs. Moreover, this paper includes an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.

Toward understanding social engineering

There is no doubt that social engineering plays a vital role in compromising most security defenses, and in attacks on people, organizations, companies, or even governments. It is the art of deceiving and tricking people to reveal critical information or to perform an action that benefits the attacker in some way. Fraudulent and deceptive people have been using social engineering traps and tactics using information technology such as e-mails, social networks, web sites, and applications to trick victims into obeying them, accepting threats, and falling victim to various crimes and attacks such as phishing, sexual abuse, financial abuse, identity theft, impersonation, physical crime, and many other forms of attack. Although organizations, researchers, practitioners, and lawyers recognize the severe risk of social engineering-based threats, there is a severe lack of understanding and controlling of such threats. One side of the problem is perhaps the unclear concept of social engineering as well as the complexity of understand human behaviors in behaving toward, approaching, accepting, and failing to recognize threats or the deception behind them. The aim of this paper is to explain the definition of social engineering based on the related theories of the many related disciplines such as psychology, sociology, information technology, marketing, and behaviourism. We hope, by this work, to help researchers, practitioners, lawyers, and other decision makers to get a fuller picture of social engineering and, therefore, to open new directions of collaboration toward detecting and controlling it.

Social engineering in social networking sites : how good becomes evil

Social Engineering (ES) is now considered the great security threat to people and organizations. Ever since the existence of human beings, fraudulent and deceptive people have used social engineering tricks and tactics to trick victims into obeying them. There are a number of social engineering techniques that are used in information technology to compromise security defences and attack people or organizations such as phishing, identity theft, spamming, impersonation, and spaying. Recently, researchers have suggested that social networking sites (SNSs) are the most common source and best breeding grounds for exploiting the vulnerabilities of people and launching a variety of social engineering based attacks. However, the literature shows a lack of information about what types of social engineering threats exist on SNSs. This study is part of a project that attempts to predict a persons’ vulnerability to SE based on demographic factors. In this paper, we demonstrate the different types of social engineering based attacks that exist on SNSs, the purposes of these attacks, reasons why people fell (or did not fall) for these attacks, based on users’ opinions. A qualitative questionnaire-based survey was conducted to collect and analyse people’s experiences with social engineering tricks, deceptions, or attacks on SNSs.

Social engineering in social networking sites : the art of impersonation

Social networking sites (SNSs), with their large number of users and large information base, seem to be the perfect breeding ground for exploiting the vulnerabilities of people, who are considered the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” Fraudulent and deceptive people use social engineering traps and tactics through SNSs to trick users into obeying them, accepting threats, and falling victim to various crimes such as phishing, sexual abuse, financial abuse, identity theft, and physical crime. Although organizations, researchers, and practitioners recognize the serious risks of social engineering, there is a severe lack of understanding and control of such threats. This may be partly due to the complexity of human behaviors in approaching, accepting, and failing to recognize social engineering tricks. This research aims to investigate the impact of source characteristics on users’ susceptibility to social engineering victimization in SNSs, particularly Facebook. Using grounded theory method, we develop a model that explains what and how source characteristics influence Facebook users to judge the attacker as credible.

Susceptibility to social engineering in social networking sites: The case of Facebook

Past research has suggested that social engineering poses the most significant security risk. Recent studies have suggested that social networking sites (SNSs) are the most common source of social engineering attacks. The risk of social engineering attacks in SNSs is associated with the difficulty of making accurate judgments regarding source credibility in the virtual environment of SNSs. In this paper, we quantitatively investigate source credibility dimensions in terms of social engineering on Facebook, as well as the source characteristics that influence Facebook users to judge an attacker as credible, therefore making them susceptible to victimization. Moreover, in order to predict users’ susceptibility to social engineering victimization based on their demographics, we investigate the effectiveness of source characteristics on different demographic groups by measuring the consent intentions and behavior responses of users to social engineering requests using a role-play experiment.

Measuring source credibility of social engineering attackers on Facebook

Past research has suggested that social networking sites are the most common source for social engineering-based attacks. Persuasion research shows that people are more likely to obey and accept a message when the source’s presentation appears to be credible. However, many factors can impact the perceived credibility of a source, depending on its type and the characteristics of the environment. Our previous research showed that there are four dimensions of source credibility in terms of social engineering on Facebook: perceived sincerity, perceived competence, perceived attraction, and perceived worthiness. Because the dimensionalities of source credibility as well as their measurement scales can fluctuate from one type of source to another and from one type of context to another, our aim in this study includes validating the existence of those four dimensions toward the credibility of social engineering attackers on Facebook and developing a valid measurement scale for every dimension of them.

Social engineering and its impact via the internet

Historically social engineering attacks were limited upon a single organisation or single individual at a time. The impact of the Internet and growth of E-Business has allowed social engineering techniques to be applied at a global level. The paper will discuss how new social engineering techniques are being applied and puts forward a conceptual model to allow an understanding of how social engineering attacks are planned and implemented against E-Business activities.

The Social Engineering framework para el aseguramiento de PYME

El trabajo plantea un aporte al framework de ingeniería social (The Social Engineering Framework) para la evaluación del riesgo y mitigación de distintos vectores de ataque, por medio del análisis de árboles de ataque -- Adicionalmente se muestra una recopilación de estadísticas de ataques realizados a compañías de diferentes industrias relacionadas con la seguridad informática, enfocado en los ataques de ingeniería social y las consecuencias a las que se enfrentan las organizaciones -- Se acompañan las estadísticas con la descripción de ejemplos reales y sus consecuencias

The social and political underpinnings of the inclusive education movement

In this chapter we look at inclusive education as part of a number of wider social movements for social justice. Inclusive education is thus understood as a transformation of education systems, rather than simply the addition of new groups of students to schools, or the development of new techniques (Slee, 2006). We illustrate the ways movements for social change can occur at many levels. Resistance to social change also occurs at many levels. Movements for social justice often include a goal of changing what happens in education. This is because education is often seen as one of the important social institutions that can reinforce the status quo. Education is also seen as an important means of changing the status quo, giving more people access to a more meaningful education. It’s not uncommon to hear various political parties criticising each other’s educational policies as ‘social engineering.’ Movements for social justice in education understand that education has always been about social engineering. The questions of interest are thus: Social engineering for what?; Who benefits; and At whose expense?

O papel da psicologia social frente ao poder e ao controle da destrutividade

Esta dissertação é um estudo teórico que pretende apontar para a relevância da psicologia social frente a humanidade, para tanto os temas da destrutividade e do poder foram escolhidos. Assim, após um diagnóstico da situação global, tendo como centro os armamentos, a anomia e a alienação social, discorre-se em favor de uma engenharia social. Para atingir tal meta são necessários alguns procedimentos: primeiro, a análise do papel da ciência, donde são colimados três aspectos: existencial, social e epistemológico; segundo, uma fundamentação axiológica, uma revisão do status científico da psicologia, e um estudo sobre polarização de atitudes em psicólogos, assunto considerado de vital importância para o amadurecimento e grau de confiabilidade desta disciplina; terceiro, indica-se algumas estratégias (contribuições) oriundas da psicologia social, capaz de auxiliar na formação desse planejamento social. Finalmente, são três as conclusões principais: a engenharia social é de máxima importância, devendo atuar de forma incisiva na educação intercultural; a psicologia da ciência tem um papel relevante diante do plurarismo teórico e, assim como é insustentável a vida no planeta caso persista o clima de destrutividade, também é insustentável um empreendimento social, da envergadura do que aqui se propõe, sem a assistência multidisciplinar.

Cyber crime and its implications to the Pacific

Introduction Cybercrime consists of any criminal action or behaviour that is committed through the use of Information Technology. Common examples of such activities include cyber hacking, identity theft, cracking, spamming, social engineering, data tampering, online fraud, programming attacks, etc. The pervasive use of the internet clearly indicates that the impacts of cybercrime is far reaching and any one, may it be a person or an entity can be a victim of cybercriminal activities. Recently in the US, eight members of a global cybercrime ring were charged in one of the biggest ever bank heists. The cybercrime gang allegedly stole US$45 million by hacking into credit card processing firms and withdrawing money from ATMs in 27 countries (Jessica et al. 2013). An extreme example, the above case highlights how IT is changing the way crimes are being committed. No longer do criminals use masks, guns and get-a-way cars, criminals are able to commit crimes in the comfort of their homes, millions of miles from the scene of the crime and can access significant sums of money that can financially cripple organisations. The world is taking notice of this growing threat and organisations in the Pacific must also be proactive in tackling this emerging issue.

The hunt

"Information Thru Play: In 2010, responding to the success of The Threshold, Juxt Interactive again asked No Mimes Media, to partner in creating a transmedia experience to entertain and inform Cisco's Global Sales Force. The Hunt put employees at the center of a thriller where characters sent and responded to their emails, left phone messages, communicated through Facebook and Twitter, even asked them to retrieve items from a dead drop and to send them photographs and information. And while helping fictional characters Isabel and Keith escape an ancient secret organization, the sales force also learned about new Cisco technologies coming to market. Cisco had new demands for the 2010 experience. A geographically and culturally dispersed sales force raises challenges when it comes to introducing dozens of new products and technologies each year. Cisco wanted The Hunt to have global reach, to educate, to build collaboration, and to be fun. This demanded new ways of storytelling and new ways of thinking. The Hunt was quick and intense, unfolding in real time in just two weeks. Many experienced players were poised to participate and expectations were high. Many of the mechanics of the previous year's experience were repeated, and the audience ripped through the opening, discovering video clips and websites in minutes. The surprise was discovering Facebook and Twitter accounts, where characters responded to player postings and comments in real time. The Hunt involved audience members from countries around the world, including China, India, Netherlands, Germany, Norway, Pakistan, Japan, the United Kingdom, and the United States. It highlighted new Cisco technologies like Pulse and Mediator, painlessly engaging the audience in what those technologies do and how they work. Players collaborated across silos, creating networks of cross-disciplinary experts. The Hunt pushed the boundaries of storytelling, with events unfolding on Twitter and Facebook, and in the real world where the audience had to use social engineering to find and secure a package with vital information. With thousands of players highly engaged around the world, The Hunt once again proved that transmedia experiences can effectively be used to not only meet the goals of a brand, but entertain their audience as well."

Love hurts: The costly reality of online romance fraud

Online dating and romance scams continue to lure in Australians with figures this week showing people have lost more than A$23 million this year alone, with average individual losses at A$21,000 – three times higher than other types of fraud. The Australian Competition and Consumer Commission (ACCC) set up the Scam Disruption Project in August to help target those it believes have been caught in such scams. Over three months it sent 1,500 letters to potential victims in New South Wales and the Australian Capital Territory. The figures released this week show that 50 people have been scammed, losing a total A$1.7 million – that’s an average of A$34,000 per victim. Almost three quarters of the scams were dating and romance related, which saw it evolve into the number one category of fraud victimisation. Romance scams continue to pose a problem – despite the efforts of the police and ACCC – so why is it that people continue to fall for them?