Second International Conference on Human Aspects of Information Security & Assurance (HAISA 2008)
Title: A Practical Assessment of Social Engineering Vulnerabilities
Author(s): Taimur Bakhshi, Maria Papadaki, Steven Furnell
Keywords: Social engineering, IT Security, Phishing, Deception
Abstract: Social engineering refers to a set of techniques that exploit human weaknesses and manipulate people into breaking normal security procedures. This may involve convincing people to perform atypical actions or to divulge confidential information. It remains a popular method of bypassing security because attacks focus on the weakest link in the security architecture, the staff of the organisation, instead of directly targeting technical controls such as firewalls or authentication systems. This paper investigates the level of susceptibility to social engineering amongst staff within a cooperating organisation. An email-based experiment was conducted in which 152 staff members were sent a message asking them to follow a link and install a claimed software update. The message utilised a number of social engineering techniques, but was also designed to convey signs of deception in order to alert security-aware users. The results revealed that 23% of recipients were successfully snared by the attack, suggesting that many users lack the baseline level of security awareness that is useful for protecting them online.
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.