Since it is difficult to change people’s behavior, it doesn’t help to provide training about how to behave securely. This is shown by Marcus Nohlberg in his dissertation at Stockholm University in Sweden in which he studied attacks that are called social engineering in IT contexts.
The concept of social engineering refers to the art of using social codes and knowledge of human behavior to get us to provide information or do things we should not do. A topical example happened very recently in Sweden, where people received calls from a person who purported to represent the IT office at their bank and asked them to identify themselves using their personal bank encoders. The attacker then used these codes to steal money from the victims’ accounts.
“I predicted a couple of years ago that this kind of attack would become common, especially account fraud,” says Marcus Nohlberg.
Despite the serious consequences, with many successful fraud attempts, this technique has received little attention among researchers. Marcus Nohlberg’s research has led to enhanced knowledge about what methods attackers use and what it is that makes people and organizations so vulnerable. Somewhat depressingly, Marcus Nohlberg’s research shows that information and training do not work as well as we think:
“There will always be a small group of people who do not do as they were taught. What’s more, it’s all too seldom that people undergo training in security issues in general. To change behavior, this is something that needs to be worked with constantly. The best thing is practical training, and it’s probable that organizations will need to start running internal checks where they in fact create fictitious attacks in order to identify weaknesses,” says Marcus Nohlberg.
Social engineering as a method of fraud is costly for the attacker since it requires commitment and time. However, software and technologies already exist that can interact with other people automatically:
“You can easily imagine how serious it will be when such programs target victims via digital forums like Facebook in the future. When it becomes just as simple as spreading spam, this will present a major threat to social activities on the Internet.”
In his research, Marcus Nohlberg presents a description of fraud crimes from the perspectives of victims, perpetrators, and defenders, but he also offers suggested measures for preventing attacks, based on his own experiences from controlled attacks.
Title of dissertation: Securing Information Assets -- Understanding, Measuring and Protecting against Social Engineering Attacks.
Maria Erlandsson | alfa
Illinois researchers researchers find tweeting in cities lower than expected
21.02.2018 | University of Illinois College of Engineering
Polluted air may pollute our morality
08.02.2018 | Association for Psychological Science
For the first time, an interdisciplinary team from the University of Basel has succeeded in integrating artificial organelles into the cells of live zebrafish embryos. This innovative approach using artificial organelles as cellular implants offers new potential in treating a range of diseases, as the authors report in an article published in Nature Communications.
In the cells of higher organisms, organelles such as the nucleus or mitochondria perform a range of complex functions necessary for life. In the networks of...
Animal photoreceptors capture light with photopigments. Researchers from the University of Göttingen have now discovered that these photopigments fulfill an...
On 15 March, the AWI research aeroplane Polar 5 will depart for Greenland. Concentrating on the furthest northeast region of the island, an international team...
The world’s second-largest ice shelf was the destination for a Polarstern expedition that ended in Punta Arenas, Chile on 14th March 2018. Oceanographers from...
At the 2018 ILA Berlin Air Show from April 25–29, the Fraunhofer Institute for Laser Technology ILT is showcasing extreme high-speed Laser Material Deposition (EHLA): A video documents how for metal components that are highly loaded, EHLA has already proved itself as an alternative to hard chrome plating, which is now allowed only under special conditions.
When the EU restricted the use of hexavalent chromium compounds to special applications requiring authorization, the move prompted a rethink in the surface...
19.03.2018 | Event News
16.03.2018 | Event News
13.03.2018 | Event News
19.03.2018 | Physics and Astronomy
19.03.2018 | Materials Sciences
19.03.2018 | Event News