Social engineering: Revisiting end-user awareness and susceptibility to classic attack vectors

Taimur Bakhshi

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Social engineering relies on human vulnerability to exploit system security. Social engineering attacks are relatively harder to protect against as they mainly target the user, and not just hardware or software system defenses. End user awareness can be considered as one of the simplest yet most effective ways to protect the end user against social engineering vectors. The present study ascertains the level of user susceptibility to social engineering attacks in a cooperating corporate organization. Two attack scenarios, a spear-phishing campaign and a physical intrusion vector were designed targeting the organization's user population (employees) based on publicly available information from the Internet. Clues relating to social engineering techniques were included in the attacks to alert suspicious users. Despite the revealing signs of a social engineering campaign, the results indicated that a significantly high proportion (46-60%) of the users fell prey and failed to identify the attacks. It was observed that lack of user awareness remained the primary cause of the success of the attacks, requiring corrective action through post-incident training and regular IT security drills.
Original languageEnglish
Title of host publicationProceedings 2017 13th International Conference on Emerging Technologies
PublisherInstitute of Electrical and Electronics Engineers
Number of pages6
ISBN (Electronic)978-1-5386-2260-5 , 978-1-5386-2259-9 , 978-1-5386-2261-2
DOIs
Publication statusPublished - 8 Feb 2018
Externally publishedYes
Event2017 13th International Conference on Emerging Technologies - Islamabad, Pakistan
Duration: 27 Dec 201728 Dec 2017
Conference number: 13th

Publication series

Name2017 13th International Conference on Emerging Technologies (ICET)

Conference

Conference2017 13th International Conference on Emerging Technologies
Abbreviated titleICET2017
Country/TerritoryPakistan
CityIslamabad
Period27/12/1728/12/17

Fingerprint

Dive into the research topics of 'Social engineering: Revisiting end-user awareness and susceptibility to classic attack vectors'. Together they form a unique fingerprint.

Cite this