32 research outputs found

    Social engineering awareness game (SEAG): an empirical evaluation of using game towards improving information security awareness

    The sharp rise of social engineering attacks in recent years poses serious threats to technology consumers. This is due to the degree of damage that can be done through social engineering. This paper seeks to elaborate on the use of a Social Engineering Awareness Game (SEAG) to improve the rate of awareness of social engineering. This game was tailored towards the needs of technology consumers that are intended to make use of it by ensuring that not only it is knowledgeable but also attractive and fun. In this paper we highlighted the objectives of this study and how it was done. A control laboratory experiment involving participants randomly assigned to either the experimental group or control group (using paper-based) to evaluate the outcome. The impact that the game had on the participants was recorded with an average of 71% improvement in their knowledge and awareness of social engineering, this made them to find the game beneficial and informative. The major drawback of the game is it needs to be more user-friendly and centered. We conclude by showing the need for more research to be put in place pertaining to the aspect of using games in the educational field especially in the network security field that has more threats growing rapidly.

    Undermining: social engineering using open source intelligence gathering

    Digital deposits are undergoing exponential growth. These may in turn be exploited to support cyber security initiatives through open source intelligence gathering. Open source intelligence itself is a double-edged sword as the data may be harnessed not only by intelligence services to counter cyber-crime and terrorist activity but also by the perpetrators of criminal activity who use them to socially engineer online activity and undermine their victims. Our preliminary case study shows how the security of any company can be surreptitiously compromised by covertly gathering the open source personal data of the company’s employees and exploiting these in a cyber attack. Our method uses tools that can search, drill down and visualise open source intelligence structurally. It then exploits these data to organise creative spear phishing attacks on the unsuspecting victims who unknowingly activate the malware necessary to compromise the company’s computer systems. The entire process is the covert and virtual equivalent of overtly stealing someone’s password ‘over the shoulder’. A more sophisticated development of this case study will provide a seamless sequence of interoperable computing processes from the initial gathering of employee names to the successful penetration of security measures.

    Generic Taxonomy of Social Engineering Attack

    Social engineering is a type of attack that allows unauthorized access to a system to achieve a specific objective. Commonly, the purpose is to obtain information for social engineers. Some successful social engineering attacks get victims’ information via a human-based retrieval approach, for example techniques termed dumpster diving or shoulder surfing attacks to get access to a password. Alternatively, victims’ information can also be stolen using technical-based methods such as pop-up windows, email or web sites to get the password or other sensitive information. This research performed a preliminary analysis on social engineering attack taxonomy that emphasized types of technical-based social engineering attack. Results from the analysis become a guideline in proposing a new generic taxonomy of Social Engineering Attack (SEA).

    The Social Engineering Attack Spiral (SEAS)

    Cybercrime is on the increase and attacks are becoming ever more sophisticated. Organisations are investing huge sums of money and vast resources in trying to establish effective and timely countermeasures. This is still a game of catch up, where hackers have the upper hand and potential victims are trying to produce secure systems hardened against what feels like are inevitable future attacks. The focus so far has been on technology and not people and the amount of resource allocated to countermeasures and research into cyber security attacks follows the same trend. This paper adds to the growing body of work looking at social engineering attacks and therefore seeks to redress this imbalance to some extent. The objective is to produce a model for social engineering that provides a better understanding of the attack process such that improved and timely countermeasures can be applied and early interventions implemented.

    A Taxonomy for Social Engineering attacks

    As the technology to secure information improves, hackers will employ less technical means to get access to unauthorized data. The use of Social Engineering as a non tech method of hacking has been increasingly used during the past few years. There are different types of social engineering methods reported but what is lacking is a unifying effort to understand these methods in the aggregate. This paper aims to classify these methods through taxonomy so that organizations can gain a better understanding of these attack methods and accordingly be vigilant against them

    Towards Adversarial Phishing Detection


    Who on Earth Is “Mr. Cypher”: Automated Friend Injection Attacks on Social Networking Sites
