Social engineering attacks on the knowledge worker

SIN 2013 - Proceedings of the 6th International Conference on Security of Information and Networks

Volumn , Issue , 2013, Pages 28-35

  Krombholz, Katharina ^a   Hobel, Heidelinde ^a   Huber, Markus ^a   Weippl, Edgar ^a  

^a SBA RESEARCH   (Austria)

Author keywords

Attack scenarios; Bring your own device; Knowledge worker; Privacy; Security; Social engineering

Indexed keywords

ATTACK SCENARIOS; BRING YOUR OWN DEVICES; KNOWLEDGE WORKERS; SECURITY; SOCIAL ENGINEERING;

DATA PRIVACY; FREQUENCY HOPPING; INDUSTRY; KNOWLEDGE MANAGEMENT; SECURITY OF DATA; TOOLS; VIRTUAL REALITY;

ENGINEERING;

EID: 84893276970     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2523514.2523596     Document Type: Conference Paper

References (41)

1. Anatomy of an attack. available online: http://httpblogs.rsa.com/anatomy- of-an-attack/, last accessed on 2013-07-17.
2. Google hack attack was ultra sophisticated. available online: http://www.wired.com/threatlevel/2010/01/operationaurora/, last accessed on 2013-07-17.
3. Microsoft hacked: Joins apple, facebook, twitter - Information Week. available online: http://www.InformationWeek.com/security/Attackacks/microsoft- hacked-joins-apple-facebook-tw/240149323, last accessed on 2013-07-10.
4. The robin sage experiment: Fake profile fools security pros. available at http://www.networkworld.com/news/2010/070810-the-robin-sage-experiment-fake. html?t51hb, last accessed on: 2013-07-14.
5. Whatsapp. available online: http://www.whatsapp.com/, last accessed on 2013-07-18.
6. L. Alvisi, A. Clement, A. Epasto, S. Lattanzi, and A. Panconesi. Sok: The evolution of sybil defense via social networks. IEEE Symposium on Security and Privacy, 2013.
7. G. Bader, A. Anjomshoaa, and A. Tjoa. Privacy aspects of mashup architecture. In Social Computing (SocialCom), 2010 IEEE Second International Conference on, pages 1141-1146, 2010.
8. M. Balduzzi, C. Platzer, T. Holz, E. Kirda, D. Balzarotti, and C. Kruegel. Abusing social networks for automated user profiling. In Recent Advances in Intrusion Detection, pages 422-441. Springer, 2010.
9. R. Ballagas, M. Rohs, J. G. Sheridan, and J. Borchers. Byod: Bring your own device. In Proceedings of the Workshop on Ubiquitous Display Environments, Ubicomp, 2004.
10. L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All your contacts are belong to us: automated identity theft attacks on social networks. In Proceedings of the 18th international conference on World wide web, pages 551-560. ACM, 2009.
11. Y. Boshmaf, I. Muslukhov, K. Beznosov, and M. Ripeanu. The socialbot network: when bots socialize for fame and money. In Proceedings of the 27th Annual Computer Security Applications Conference, pages 93-102. ACM, 2011.
12. G. Brown, T. Howe, M. Ihbe, A. Prakash, and K. Borders. Social networks and context-aware spam. In Proceedings of the 2008 ACM conference on Computer supported cooperative work, CSCW'08, pages 403-412, New York, NY, USA, 2008. ACM.
13. E. Chin, A. P. Felt, K. Greenwood, and D. Wagner. Analyzing inter-application communication in android. In Proceedings of the 9th international conference on Mobile systems, applications, and services, MobiSys'11, pages 239-252, New York, NY, USA, 2011. ACM.
14. R. Cialdini. Influence: science and practice. Allyn and Bacon, 2001.
15. P. F. Drucker. Landmarks of tomorrow: a report on the new "post-modern," world. Harper, New York, 1st edition, 1959.
16. S. Granger. Social Engineering Fundamentals, Part I: Hacker Tactics. SecurityFocus, 2001.
17. N. Gruschka and M. Jensen. Attack surfaces: A taxonomy for attacks on cloud services. In IEEE CLOUD, pages 276-279, 2010.
18. C. Herley and D. Florencio. Phishing as a Tragedy of the Commons. NSPW 2008, Lake Tahoe, CA, 2008.
19. M. Huber, S. Kowalski, M. Nohlberg, and S. Tjoa. Towards automating social engineering using social networking sites. In Computational Science and Engineering, 2009. CSE'09. International Conference on, Volume 3, pages 117-124. IEEE, 2009.
20. M. Huber, M. Mulazzani, M. Leithner, S. Schrittwieser, G. Wondracek, and E. Weippl. Social snapshots: digital forensics for online social networks. In Proceedings of the 27th Annual Computer Security Applications Conference, 2011.
21. M. Huber, M. Mulazzani, S. Schrittwieser, and E. Weippl. Cheap and automated socio-technical attacks based on social networking sites. In 3rd Workshop on Artificial Intelligence and Security (AISec'10), 10 2010.
22. M. Huber, M. Mulazzani, E. Weippl, G. Kitzler, and S. Goluch. Friend-in-the-middle attacks: Exploiting social networking sites for spam. IEEE Internet Computing: Special Issue on Security and Privacy in Social Networks, 5 2011.
23. D. Irani, M. Balduzzi, D. Balzarotti, E. Kirda, and C. Pu. Reverse social engineering attacks in online social networks. Detection of Intrusions and Malware, and Vulnerability Assessment, pages 55-74, 2011.
24. T. Jagatic, N. Johnson, M. Jakobsson, and F. Menczer. Social phishing. Communications of the ACM, 50(10): 94-100, 2007.
25. K. Krombholz, D. Merkl, and E. Weippl. Fake identities in social media: A case study on the sustainability of the facebook business model. JoSSR, 4(2): 175-212, 2012.
26. K. Marett, D. Biros, and M. Knode. Self-efficacy, Training Effectiveness, and Deception Detection: A Longitudinal Study of Lie Detection Training. lecture notes in computer science, 3073: 187-200, 2004.
27. K. Miller, J. Voas, and G. Hurlburt. Byod: Security and privacy considerations. IT Professional, 14(5): 53-55, 2012.
28. K. Mitnick and W. Simon. The Art of Deception: Controlling the Human Element of Security. Wiley, 2002.
29. M. Mulazzani, S. Schrittwieser, M. Leithner, M. Huber, and E. Weippl. Dark clouds on the horizon: using cloud storage as attack vector and online slack space. In Proceedings of the 20th USENIX conference on Security, SEC'11, pages 5-5, Berkeley, CA, USA, 2011. USENIX Association.
30. R. Nelson. Methods of Hacking: Social Engineering. online, 2008. Available at: http://www.isr.umd.edu/gemstone/infosec/ver2/papers/socialeng. html, last accessed on 2013-07-04.
31. K. Parsons, A. McCormac, M. Pattinson, M. Butavicius, and C. Jerram. Phishing for the truth: A scenario-based experiment of usersâǎ ź behavioural response to emails. In L. Janczewski, H. Wolfe, and S. Shenoi, editors, Security and Privacy Protection in Information Processing Systems, Volume 405 of IFIP Advances in Information and Communication Technology, pages 366-378. Springer Berlin Heidelberg, 2013.
32. N. Perlroth. Chinese hackers infiltrate new york times computers, Jan. 2013. available at https://www.nytimes.com/2013/01/31/technology/chinese- hackers-infiltrate-new-york-times-computers.html, last accessed on: 2013-07-01.
33. R. Potharaju, A. Newell, C. Nita-Rotaru, and X. Zhang. Plagiarizing smartphone applications: attack strategies and defense techniques. In Proceedings of the 4th international conference on Engineering Secure Software and Systems, ESSoS'12, pages 106-120, Berlin, Heidelberg, 2012. Springer-Verlag.
34. T. Qin and J. Burgoon. An Investigation of Heuristics of Human Judgment in Detecting Deception and Potential Implications in Countering Social Engineering. Intelligence and Security Informatics, 2007 IEEE, pages 152-159, 2007.
35. J. C. Roberts, II and W. Al-Hamdani. Who can you trust in the cloud? a review of security issues within cloud computing. In Proceedings of the 2011 Information Security Curriculum Development Conference, InfoSecCD'11, pages 15-19, New York, NY, USA, 2011. ACM.
36. S. Schrittwieser, P. Fruehwirt, P. Kieseberg, M. Leithner, M. Mulazzani, M. Huber, and E. Weippl. Guess Who Is Texting You? Evaluating the Security of Smartphone Messaging Applications. In Network and Distributed System Security Symposium (NDSS 2012), 2 2012.
37. SocialEngineer. What is phishing - paypal phishing examples. available online: http://www.socialengineer.org/wiki/archives/Phishing/PhishingPayPal. html, last accessed on 2013-07-04.
38. Sophos. Sophos facebook id probe shows 41% of users happy to reveal all to potential identity thieves, 2007. available online: http://www.sophos.com/en- us/pressoffice/press-releases/2007/08/facebook.aspx, last accessed on 2013-07-13.
39. S. Stasiukonis. Social Engineering, the USB Way. 2006. available at http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID= 208803634, last accessed on: 2013-07-02.
40. L. Tam, M. Glassman, and M. Vandenwauver. The psychology of password management: a tradeoff between security and convenience. Behav. Inf. Technol., 29(3): 233-244, May 2010.
41. H. Thompson. The human element of information security. Security Privacy, IEEE, 11(1): 32-35, 2013.