Awareness and Social Engineering-Based Cyberattacks

Document Type : Original Research Article

Author

Department of Psychology, Human Science Faculty, Islamic Azad University, Bushehr Branch, Iran

Abstract

Nowadays, the psychological techniques used to harass, intimidate, threaten, and steal information are more common due to free access to technological resources and the digitization of communications. Social engineering attacks have evolved into telephone calls, emails, and face-to-face interactions. On the other hand, assessing the Information security awareness of users and thereby identifying users who are more vulnerable to social engineering attacks is crucial for enterprise cybersecurity risk assessment. So, this paper aims to investigate the relationship between awareness and social engineering-based cyberattacks. The findings showed differences in technical security solutions regarding age, education, and occupation groups (P<0.05). Based on that, educational organizations must design specific training programs considering age, education level, and occupation because each category has special requirements. Furthermore, this paper showed that most respondents did not know about social engineering approaches, indicating the need for comprehensive training about social engineering attacks.

Keywords

Main Subjects

References

  1. Zambrano, J. Torres, L. Tello-Oquendo, Á. Yánez, and L. Velásquez, "On the modeling of cyber-attacks associated with social engineering: A parental control prototype," Journal of Information Security and Applications, vol. 75, p. 103501, 2023/06/01/ 2023, doi: https://doi.org/10.1016/j.jisa.2023.103501.
  2. Syafitri, Z. Shukur, U. A. Mokhtar, R. Sulaiman, and M. A. Ibrahim, "Social Engineering Attacks Prevention: A Systematic Literature Review," IEEE Access, vol. 10, pp. 39325-39343, 2022, doi: https://doi.org/10.1109/ACCESS.2022.3162594
  3. F. Abu Hweidi and D. Eleyan, "Social Engineering Attack Concepts, Frameworks, and Awareness: A Systematic Literature Review," International Journal of Computing and Digital Systems, 2023, doi: http://dx.doi.org/10.12785/ijcds/130155
  4. Scarfone, M. Souppaya, A. Cody, and A. Orebaugh, "Technical guide to information security testing and assessment," NIST Special Publication, vol. 800, no. 115, pp. 2-25, 2008, doi: https://doi.org/10.6028/NIST.SP.800-115
  5. Junger, L. Montoya, and F. J. Overink, "Priming and warnings are not effective to prevent social engineering attacks," Computers in Human Behavior, vol. 66, pp. 75-87, 2017/01/01/ 2017, doi: https://doi.org/10.1016/j.chb.2016.09.012.
  6. Syed, "Enterprise reputation threats on social media: A case of data breach framing," The Journal of Strategic Information Systems, vol. 28, no. 3, pp. 257-274, 2019/09/01/ 2019, doi: https://doi.org/10.1016/j.jsis.2018.12.001.
  7. Nathan and A. Scobell, "Data Breach Investigations Report," ed: Verizon, 2020, [Online]. Available: https://www.cisecurity.org/wp-content/uploads/2020/07/The-2020-Verizon-Data-Breach-Investigations-Report-DBIR.pdf
  8. H. Shaari, M. R. Kamaluddin, W. F. P. Fauzi and M. Mohd, "Online-dating romance scam in Malaysia: An analysis of online conversations between scammers and victims", GEMA Online J. Lang. Stud., vol. 19, no. 1, pp. 97-115, 2019, doi: http://doi.org/10.17576/gema-2019-1901-06
  9. R. A. Rahman, "Online scammers and their mules in Malaysia", Jurnal Undang-Undang dan Masyarakat, vol. 26, 2020, pp. 65-72, 2020, doi: https://doi.org./10.17576/juum-2020-26-08
  10. S. Ming, N. L. Shi and A. M. Taha, "Awareness of the risks and dangers of social networking: Exploration on four types of Malaysian secondary schools", Journal Komunikasi Malaysian Journal of Commun., vol. 36, no. 1, pp. 147-165, 2020. https://doi.org/10.17576/JKMJC-2020-3601-09
  11. Jamil, M. S. Hassan, N. M. Salleh and R. Yaakob, "Non-financial risk disclosure: From narratives to an index based on Delphi technique", Asian Journal of Accounting and Governance, vol. 14, pp. 123-139, 2020, DOI: http://dx.doi.org/10.17576/AJAG-2020-14-10
  12. Raval, S. Chakrabarty, H. Jasoliya and D. Swain, "Understanding People’s awareness towards social engineering with survey," 2022 IEEE 2nd International Symposium on Sustainable Energy, Signal Processing and Cyber Security (iSSSC), Gunupur, Odisha, India, 2022, pp. 1-5, doi: https://doi.org/10.1109/iSSSC56467.2022.10051531
  13. Solomon et al., "Contextual security awareness: A context-based approach for assessing the security awareness of users," Knowledge-Based Systems, vol. 246, p. 108709, 2022/06/21/ 2022, doi: https://doi.org/10.1016/j.knosys.2022.108709.
  14. Analytic Exchange Program. The Future of Ransomware and Social Engineering; US Department of Homeland Security: Washington, DC, USA, 2017.
  15. Nicholson, L. Coventry, and P. Briggs, “Can we fight social engineering attacks by social means? Assessing social salience as a means to improve phish detection,” in Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), 2017, pp. 285-298, [Online]. Available: https://www.usenix.org/conference/soups2017/technical-sessions/presentation/nicholson
  16. Al-Janabi and I. Al-Shourbaji, “A study of cyber security awareness in educational environment in the middle east.” Journal of Information & Knowledge Management. vol. 15, no. 1, PP. 1650007, 2016, doi: https://doi.org/10.1142/S0219649216500076
  17. K. Alqurashi, M. A. AlZain, B. Soh, M. Masud, and J. Al-Amri, "Cyber attacks and impacts: A case study in saudi arabia," International Journal of Advanced Trends in Computer Science and Engineering
  18. , 9, no. 1, p.217-224, 2020, [Online]. Available: http://www.warse.org/IJATCSE/static/pdf/file/ijatcse33912020.pdf
  19. Elnaim and H. Al-Lami, "The current state of phishing attacks against Saudi Arabia university students," International Journal of Computer Applications Technology and Research, vol. 6, no. 1, pp. 42-50, 2017, doi: 10.7753/IJCATR0601.1008
  20. AlMindeel and J. T. Martins, "Information security awareness in a developing country context: insights from the government sector in Saudi Arabia," Information Technology & People, vol. 34, no. 2, pp. 770-788, 2021, doi: https://doi.org/10.1108/ITP-06-2019-0269
International Journal of Reliability, Risk and Safety: Theory and Application
Volume 7, Issue 1
February 2024

Files

History

  • Receive Date: 29 December 2023
  • Revise Date: 05 February 2024
  • Accept Date: 07 February 2024

Share

How to cite

Statistics