Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

The objective of this study is to gain insight into the effectiveness of an information campaign to counter a social engineering attack via the telephone. Four different offenders phoned 48 employees and made them believe that their PC was distributing spam emails. Targets were told that this unfortunate situation could be solved by downloading and executing software from a website (i.e. an untrusted one). A total of 46.15% of the employees not exposed to the intervention followed the instructions of the offender. This was significantly different to those exposed to an intervention 1 week prior to the attack (9.1%); however, there was no effect for those exposed to an intervention 2 weeks prior to the attack (54.6%). This research suggests that scam awareness-raising campaigns reduce vulnerability only in the short term.
Original language: Undefined
Title of host publication: Proceedings of the inaugural Singapore Cyber Security R&D Conference (SG-CRC 2016)
Editors: A. Mathur, A. Roychoudhury
Place of Publication: Amsterdam
Publisher: IOS Press
Pages: 107-114
Number of pages: 6
ISBN (Print): 978-1-61499-616-3
DOIs: https://doi.org/10.3233/978-1-61499-617-0-107
Publication status: Published - Jan 2016

Publication series

Name: Cryptology and Information Security Series
Publisher: IOS Press
Volume: 14
ISSN (Print): 1871-6431

Keywords

  • SCS-Cybersecurity
  • EC Grant Agreement nr.: FP7/2007-2013
  • EC Grant Agreement nr.: FP7/318003
  • Retention
  • Scam
  • Training
  • IR-98314
  • Social Engineering
  • Time
  • EWI-26500
  • Awareness
  • Decay
  • METIS-315056
  • Telephone

Cite this

Bullee, J-W., Montoya, L., Junger, M., & Hartel, P. H. (2016). Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention. In A. Mathur, & A. Roychoudhury (Eds.), Proceedings of the inaugural Singapore Cyber Security R&D Conference (SG-CRC 2016) (pp. 107-114). (Cryptology and Information Security Series; Vol. 14). Amsterdam: IOS Press. https://doi.org/10.3233/978-1-61499-617-0-107
Bullee, Jan-Willem ; Montoya, L. ; Junger, Marianne ; Hartel, Pieter H. / Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention. Proceedings of the inaugural Singapore Cyber Security R&D Conference (SG-CRC 2016). editor / A. Mathur ; A. Roychoudhury. Amsterdam : IOS Press, 2016. pp. 107-114 (Cryptology and Information Security Series).
@inproceedings{7195aa285db44bb8bf844a027155a1cf,
title = "Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention",
abstract = "The objective of this study is to get insight into the effectiveness of an information campaign to counter a social engineering attack via the telephone. Four different offenders phoned 48 employees and made them believe that their PC was distributing spam emails. Targets were told that this unfortunate situation could be solved by downloading and executing software from a website (i.e. an untrusted one). A total of 46.15 {\%} of the employees not exposed to the intervention followed the instructions of the offender. This was significantly different to those exposed to an intervention 1 week prior to the attack (9.1{\%}); however there was no effect for those exposed to an intervention 2 weeks prior to the attack (54.6{\%}). This research suggests that scam awareness-raising campaigns reduce vulnerability only in the short term.",
keywords = "SCS-Cybersecurity, EC Grant Agreement nr.: FP7/2007-2013, EC Grant Agreement nr.: FP7/318003, Retention, Scam, Training, IR-98314, Social Engineering, Time, EWI-26500, Awareness, Decay, METIS-315056, Telephone",
author = "Jan-Willem Bullee and L. Montoya and Marianne Junger and Hartel, {Pieter H.}",
note = "Foreground = 100{\%}; Type of activity = conference; Main leader =UT; Type of audience = scientific community, industry; Size of audience = 150; Countries addressed = international;",
year = "2016",
month = "1",
doi = "10.3233/978-1-61499-617-0-107",
language = "Undefined",
isbn = "978-1-61499-616-3",
series = "Cryptology and Information Security Series",
publisher = "IOS Press",
pages = "107--114",
editor = "A. Mathur and A. Roychoudhury",
booktitle = "Proceedings of the inaugural Singapore Cyber Security R&D Conference (SG-CRC 2016)",
address = "Netherlands",

}

Bullee, J-W, Montoya, L, Junger, M & Hartel, PH 2016, Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention. in A Mathur & A Roychoudhury (eds), Proceedings of the inaugural Singapore Cyber Security R&D Conference (SG-CRC 2016). Cryptology and Information Security Series, vol. 14, IOS Press, Amsterdam, pp. 107-114. https://doi.org/10.3233/978-1-61499-617-0-107

Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention. / Bullee, Jan-Willem; Montoya, L.; Junger, Marianne; Hartel, Pieter H.

Proceedings of the inaugural Singapore Cyber Security R&D Conference (SG-CRC 2016). ed. / A. Mathur; A. Roychoudhury. Amsterdam : IOS Press, 2016. p. 107-114 (Cryptology and Information Security Series; Vol. 14).

TY - GEN
T1 - Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention
AU - Bullee, Jan-Willem
AU - Montoya, L.
AU - Junger, Marianne
AU - Hartel, Pieter H.
N1 - Foreground = 100%; Type of activity = conference; Main leader =UT; Type of audience = scientific community, industry; Size of audience = 150; Countries addressed = international;
PY - 2016/1
Y1 - 2016/1
N2 - The objective of this study is to get insight into the effectiveness of an information campaign to counter a social engineering attack via the telephone. Four different offenders phoned 48 employees and made them believe that their PC was distributing spam emails. Targets were told that this unfortunate situation could be solved by downloading and executing software from a website (i.e. an untrusted one). A total of 46.15 % of the employees not exposed to the intervention followed the instructions of the offender. This was significantly different to those exposed to an intervention 1 week prior to the attack (9.1%); however there was no effect for those exposed to an intervention 2 weeks prior to the attack (54.6%). This research suggests that scam awareness-raising campaigns reduce vulnerability only in the short term.
AB - The objective of this study is to get insight into the effectiveness of an information campaign to counter a social engineering attack via the telephone. Four different offenders phoned 48 employees and made them believe that their PC was distributing spam emails. Targets were told that this unfortunate situation could be solved by downloading and executing software from a website (i.e. an untrusted one). A total of 46.15 % of the employees not exposed to the intervention followed the instructions of the offender. This was significantly different to those exposed to an intervention 1 week prior to the attack (9.1%); however there was no effect for those exposed to an intervention 2 weeks prior to the attack (54.6%). This research suggests that scam awareness-raising campaigns reduce vulnerability only in the short term.
KW - SCS-Cybersecurity
KW - EC Grant Agreement nr.: FP7/2007-2013
KW - EC Grant Agreement nr.: FP7/318003
KW - Retention
KW - Scam
KW - Training
KW - IR-98314
KW - Social Engineering
KW - Time
KW - EWI-26500
KW - Awareness
KW - Decay
KW - METIS-315056
KW - Telephone
U2 - 10.3233/978-1-61499-617-0-107
DO - 10.3233/978-1-61499-617-0-107
M3 - Conference contribution
SN - 978-1-61499-616-3
T3 - Cryptology and Information Security Series
SP - 107
EP - 114
BT - Proceedings of the inaugural Singapore Cyber Security R&D Conference (SG-CRC 2016)
A2 - Mathur, A.
A2 - Roychoudhury, A.
PB - IOS Press
CY - Amsterdam
ER -

Bullee J-W, Montoya L, Junger M, Hartel PH. Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention. In Mathur A, Roychoudhury A, editors, Proceedings of the inaugural Singapore Cyber Security R&D Conference (SG-CRC 2016). Amsterdam: IOS Press. 2016. p. 107-114. (Cryptology and Information Security Series). https://doi.org/10.3233/978-1-61499-617-0-107