The cycle of deception - A model of social engineering attacks, defences and victims

Proceedings of the 2nd International Symposium on Human Aspects of Information Security and Assurance, HAISA 2008

Volumn , Issue , 2008, Pages 1-11

  Nohlberg, M ^a   Kowalski, S ^b  

^a UNIVERSITY OF SKÖVDE   (Sweden)

^b ROYAL INSTITUTE OF TECHNOLOGY   (Sweden)

Author keywords

Computer crime; Deception; Fraud; Security models; Social engineering

Indexed keywords

COMPUTER CRIME; SECURITY OF DATA;

DECEPTION; ECONOMICAL ASPECTS; FRAUD; LITERATURE STUDIES; RESEARCH APPROACH; SECURITY MODEL; SOCIAL ENGINEERING;

CRIME;

EID: 84926018906     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (16)

1. Adams A. and Sasse M. (1999), Users are not the Enemy: Why users compromise computer security mechanisms and how to take remedial measures, Commun. ACM 42.
2. Brostoff S., Sasse A. and Weirich D. (2002), Transforming the "weakest link": A Humancomputer Interaction Approach to Usable and Effective Security, BT Technology Journal 19(3), 122-131.
3. Cialdini, R. (1993), Influence: the psychology of persuasion. New York, Quill, ISBN: 0688128165.
4. Dalrymple, M. (2005), Auditors Find IRS Workers Prone to Hackers. [Online]. AP. Available from: http://sfgate.com/cgi-bin/article.cgi?file=/news/archive/2005/03/16/national/w162055S07. DTL, (Accessed 6 Mar. 2006)
5. De Melo, D. (2007), Sutherland's Differential Association. [Online]. Available from: http://home.comcast.net/~ddemelo/crime/differ.html, (Accessed 29 Jan 2007)
6. Ferrell, J. (1995), Culture, Crime, and Cultural Criminology. Journal of Criminal Justice and Popular Culture, 3 (2) (1995) 25-42.
7. Jordan, J. and Goudey, H. (2005), The signs, signifiers and semiotics of the successful semantic attack. Presented at the 14th Annual EICAR Conference, St. Juliens/Valletta, Malta, 2005.
8. Kowalski, S. (1994), IT Insecurity: A Multi-disciplinary Inquiry. Diss. University of Stockholm. Report series No. 94-040, Stockholm.
9. Kowalski, S. (2002), Value Based Risk Assessment: The Key to a Successful Security Target for the Telecommunication Industry, 3rd International Common Criteria Conference (ICCC) Ottawa, 2002.
10. May, T. (2001), Social Research: Issues, Methods and Process. Buckingham: Open University Press, ISBN: 0335206123.
11. Mitnick, K. (2002), The Art of deception. Indianapolis: Wiley Publishing, Inc., ISBN: 076454280X.
12. O'Connell, R. (2003), A typology of child cybersexploitation and online grooming practices. [Online]. University of Central Lancashire: Preston. Available at: http://www.uclan. ac.uk/host/cru/docs/cru010.pdf, (Accessed 11 Dec. 2007)
13. Pfleeger, C. and Pfleeger, S. H. (2003), Security in Computing (3rd ed). Upper Saddle River: Prentice Hall, ISBN: 0130355488.
14. Tanneeru, M. (2005) A convicted hacker debunks some myths. [Online]. CNN. Available at: http://edition. cnn. com/2005/TECH/internet/10/07/kevin. mitnick.cnna/index.html (Accessed 28 Mar. 2008)
15. The Local (2005), Man sexually abused "at least sixty girls". [Online]. Available at: http://www.thelocal.se/2756/20051228, (Accessed 1 Dec. 2007)
16. Winkler, I. and Dealt, B. (1995), Information Security Technology?... Don't rely on it A case Study in Social Engineering. [Online]. Proceedings of the Fifth USENIX UNIX Security Symposium. Available at: http://www.usenix.org/publications/library/proceedings/security95/full-papers/winkler.ps, (Accessed 12 Apr. 2004)