Can we fight social engineering attacks by social means? Assessing social salience as a means to improve phish detection
Authors
Abstract
Phishing continues to be a problem for both individuals and organisations, with billions of dollars lost every year. We propose the use of nudges – more specifically social saliency nudges – that aim to highlight important information to the user when evaluating emails. We used Signal Detection Theory to assess the effects of both sender saliency (highlighting important fields from the sender) and receiver saliency (showing numbers of other users in receipt of the same email). Sender saliency improved phish detection but did not introduce any unwanted response bias. Users were asked to rate their confidence in their own judgements and these confidence scores were poorly calibrated with actual performance, particularly for phishing (as opposed to genuine) emails. We also examined the role of impulsive behaviour on phish detection, concluding that those who score highly on dysfunctional impulsivity are less likely to detect the presence of phishing emails.
Similar resources
A Systematic Gap Analysis of Social Engineering Defence Mechanisms Considering Social Psychology
Social engineering is the acquisition of information about computer systems by methods that deeply include non-technical means. While technical security of most critical systems is high, the systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (i) does not require any (advanced) technical tools, (ii) can be used by anyone, (iii) is cheap. Tradition...
A Novel Trust Management Model in the Social Internet of Things
The Internet of Things (IoT) and social networking integration create a new concept named the Social Internet of Things (SIoT), according to which the things are able to autonomously establish social relationships with regard to the owners. Things in SIoT operate according to a service-oriented architecture. There may be misbehaving owners and consequently misbehaving devices that can perform harmf...
The Neglected Human Factor for Information Security Management
Effective information systems security management combines technological measures and managerial efforts. Although various technical means have been employed to cope with security threats, human factors have been comparatively neglected. This article examines human factors that can lead to social engineering intrusions. Social engineering is a technique used by malicious attackers to gain acces...
Advanced social engineering attacks
Social engineering has emerged as a serious threat in virtual communities and is an effective means to attack information systems. The services used by today’s knowledge workers prepare the ground for sophisticated social engineering attacks. The growing trend towards BYOD (bring your own device) policies and the use of online communication and collaboration tools in private and business enviro...
Analyzing Correlation between Internationalization Orientation and Social Network
The research on social networks and collaborative strategies has been highlighted from mid-1980, which has contributed to the success and development of firms. Relationships and communication with trade partners overseas help firms succeed in entering foreign markets and finding new partners and new markets abroad. Doing firm internationalization in foreign countries faces some ba...