Investigating the Experience of Social Engineering Victims: Exploratory and User Testing Study

The advent of mobile technologies and social network applications has led to an increase in malicious scams and social engineering (SE) attacks which are causing loss of money and breaches of personal information. Understanding how SE attacks spread can provide useful information in curbing them. Ar...

Bibliographic Details
Main Authors: Bilikis Banire, Dena Al Thani, Yin Yang
Format: article
Language: EN
Published: MDPI AG 2021
Subjects:
Online Access: https://doaj.org/article/f7e81988477e44c4bb6b33c47c414825
id oai:doaj.org-article:f7e81988477e44c4bb6b33c47c414825
record_format dspace
spelling oai:doaj.org-article:f7e81988477e44c4bb6b33c47c414825
2021-11-11T15:42:11Z
Investigating the Experience of Social Engineering Victims: Exploratory and User Testing Study
10.3390/electronics10212709
2079-9292
https://doaj.org/article/f7e81988477e44c4bb6b33c47c414825
2021-11-01T00:00:00Z
https://www.mdpi.com/2079-9292/10/21/2709
https://doaj.org/toc/2079-9292
The advent of mobile technologies and social network applications has led to an increase in malicious scams and social engineering (SE) attacks which are causing loss of money and breaches of personal information. Understanding how SE attacks spread can provide useful information in curbing them. Artificial Intelligence (AI) has demonstrated efficacy in detecting SE attacks, but the acceptability of such a detection approach is yet to be investigated across users with different levels of SE awareness. This paper conducted two studies: (1) exploratory study where qualitative data were collected from 20 victims of SE attacks to inform the development of an AI-based tool for detecting fraudulent messages; and (2) a user testing study with 48 participants with different occupations to determine the detection tool acceptability. Overall, six major themes emerged from the victims’ actions “experiences: reasons for falling for attacks; attack methods; advice on preventing attacks; detection methods; attack context and victims”. The user testing study showed that the AI-based tool was accepted by all users irrespective of their occupation. The categories of users’ occupations can be attributed to the level of SE awareness. Information security awareness should not be limited to organizational levels but extend to social media platforms as public information.
Bilikis Banire
Dena Al Thani
Yin Yang
MDPI AG
article
social engineering
exploratory study
grounded theory
user testing study
Electronics
TK7800-8360
EN
Electronics, Vol 10, Iss 2709, p 2709 (2021)
institution DOAJ
collection DOAJ
language EN
topic social engineering
exploratory study
grounded theory
user testing study
Electronics
TK7800-8360
description The advent of mobile technologies and social network applications has led to an increase in malicious scams and social engineering (SE) attacks which are causing loss of money and breaches of personal information. Understanding how SE attacks spread can provide useful information in curbing them. Artificial Intelligence (AI) has demonstrated efficacy in detecting SE attacks, but the acceptability of such a detection approach is yet to be investigated across users with different levels of SE awareness. This paper conducted two studies: (1) exploratory study where qualitative data were collected from 20 victims of SE attacks to inform the development of an AI-based tool for detecting fraudulent messages; and (2) a user testing study with 48 participants with different occupations to determine the detection tool acceptability. Overall, six major themes emerged from the victims’ actions “experiences: reasons for falling for attacks; attack methods; advice on preventing attacks; detection methods; attack context and victims”. The user testing study showed that the AI-based tool was accepted by all users irrespective of their occupation. The categories of users’ occupations can be attributed to the level of SE awareness. Information security awareness should not be limited to organizational levels but extend to social media platforms as public information.
format article
author Bilikis Banire
Dena Al Thani
Yin Yang
title Investigating the Experience of Social Engineering Victims: Exploratory and User Testing Study
publisher MDPI AG
publishDate 2021
url https://doaj.org/article/f7e81988477e44c4bb6b33c47c414825