Abstract
Social engineering is an attack technique in which deception and trickery are used to make targets actively cooperate in their own victimisation. This article uses a practical example and the accompanying theories to give insight into social engineering practices. It also discusses three experiments (i.e. face-to-face, telephone and e-mail) in which systematic research into this danger is central. The results give insight into how vulnerable an organisation is to social engineering and which employees benefit most from an awareness campaign.
Social engineering is the use of social manipulation and psychological tricks to make the targets assist offenders in their attack. This paper aimed to discuss the success of social engineering attacks and interventions in an organisational setting. Three kinds of social engineering experiments were discussed, each using a different modality (i.e. face-to-face (f2f), email and telephone). In each experiment, the targets (i.e. participants) were persuaded to perform actions that contribute to their victimisation.
A portion of the participants in both the f2f and telephone experiments received an intervention to reduce victimisation. The conclusion is that awareness raising about dangers, characteristics and countermeasures related to social engineering proved to have a significant positive effect on protecting the target. The results of these experiments allow practitioners to focus awareness campaigns to maximise their effectiveness.
Original language | English |
---|---|
Pages (from-to) | 40-53 |
Number of pages | 14 |
Journal | Tijdschrift voor veiligheid |
Volume | 17 |
Issue number | 1-2 |
DOIs | |
Publication status | Published - 2018 |