    Discriminating Fraudulent Financial Statements by Identifying Linguistic Hedging

    Managerial financial fraud is estimated in the billions of dollars annually in the United States. Since fraud includes obfuscation, misdirection, and fabrication, this study proposes using deception theory as a means of detecting fraud in the textual portions of financial statements (10K). A corpus of 101 fraudulent 10Ks was collected from the Securities and Exchange Commission along with 101 matching non-fraudulent 10Ks. Natural language processing techniques were applied to the corpus to generate raw counts and usage rates of hedging devices: hedging modal verbs, hedging adjectives, hedging adverbs, hedging conjunctions, hedging nouns, and hedging lexical verbs. A classification model based on logistic regression successfully discriminates with 69.3% accuracy and accounts for nearly 20% of the observed variance. Two machine learning algorithms are investigated: Bayesian Network and JRip achieve accuracy results of 62.4% and 67.8% respectively. Both results are better than chance or than human deception detection, suggesting the possibility of a diagnostic tool for auditors.

    Got Phished? Internet Security and Human Vulnerability

    A leading cause of security breaches is a basic human vulnerability: our susceptibility to deception. Hackers exploit this vulnerability by sending phishing emails that induce users to click on malicious links that then download malware or trick the victim into revealing personal confidential information to the hacker. Past research has focused on human susceptibility to generic phishing emails or individually targeted spear-phishing emails. This study addresses how contextualization of phishing emails for targeted groups impacts their susceptibility to phishing. We manipulated the framing and content of email messages and tested the effects on users’ susceptibility to phishing. We constructed phishing emails to elicit either the fear of losing something valuable (e.g., course registrations, tuition assistance) or the anticipation of gaining something desirable (e.g., iPad, gift card, social networks). We designed the emails’ context to manipulate human psychological weaknesses such as greed, social needs, and so on. We sent fictitious (benign) emails to 7,225 undergraduate students and recorded their responses. Results revealed that contextualizing messages to appeal to recipients’ psychological weaknesses increased their susceptibility to phishing. The fear of losing or anticipation of gaining something valuable increased susceptibility to deception and vulnerability to phishing. The results of our study provide important contributions to information security research, including a theoretical framework based on the heuristic-systematic processing model to study the susceptibility of users to deception. We demonstrate through our experiment that several situational factors do, in fact, alter the effectiveness of phishing attempts.

    Generic Taxonomy of Social Engineering Attack

    Social engineering is a type of attack that allows unauthorized access to a system to achieve a specific objective. Commonly, the purpose is to obtain information for social engineers. Some successful social engineering attacks obtain victims’ information via a human-based retrieval approach, for example techniques termed dumpster diving or shoulder surfing to gain access to a password. Alternatively, victims’ information can also be stolen using technical-based methods such as pop-up windows, email or web sites to get the password or other sensitive information. This research performed a preliminary analysis of social engineering attack taxonomies that emphasized types of technical-based social engineering attack. Results from the analysis become a guideline for proposing a new generic taxonomy of Social Engineering Attack (SEA).

    Evidential Recovery in a RFID Business System

    Efficient stock management in the commercial retail sector is being dominated by Radio Frequency Identification (RFID) tag implementations. Research reports of the security risk of RFID tags show that breaches are likely and that forensic readiness is a requirement. In this paper an RFID tag business simulation is reported that replicates previous research reports of security breaches with the purpose of identifying potential evidence after such attacks. A Read/Write Tag was cloned and used to replicate a SQL poisoning attack on a simulated Business System. A forensic investigation was then undertaken to identify potential locations for evidential recovery. This paper differs from the replicated studies in that the whole Business System is considered evidential. The scope of the inquiry includes the technical artefacts, the information artefacts and the human actors. The result of the investigation shows locations of evidence and the priority for investigations in RFID system architectures.

    Social Engineering: The Art of Attacks

    The correct management of information systems security is often overlooked in technological measures and management efforts, and although there are now many tools to address security threats, the human aspect has been neglected. This paper discusses the human factors that could potentially lead to intrusions through social engineering. Social engineering is a method used by hackers to obtain access to systems by manipulating flaws in behavior known as mental preconceptions. Social engineering is a risk to information security and must be considered just as important as risks in technological areas. In this paper we also approach social engineering, taking an introductory brief in its history, what psychological manipulation and human weaknesses are, what the social engineering attacks are, and how they use authority and fear establishment; it is also approached how a social engineering attack is executed, providing value by monetizing the scam, and identity exploration.

    Let the weakest link fail, but gracefully: understanding tailored phishing and measures against it


    Social engineering in social networking sites: Affect-based model


    Engenharia Social (ou o carneiro que afinal era um lobo)

    Every year, billions of euros are lost to acts of industrial espionage, often without the affected organizations even noticing. Organizations must be alert to this somewhat silent threat which, in almost all cases, originates from within themselves, in the form of Social Engineering. This chapter explores the concepts of Social Engineering, its most popular manifestations and the forms of detection, prevention and combat. The importance of the subject for organizations and for the economy in general gives rise to the need for awareness around these occurrences and for the definition of a clear security policy common to the whole organization. The current lack of training and even naivety of organizations’ employees regarding this subject provides fertile ground for the proliferation of Social Engineering activities.