Investigating the Experience of Social Engineering Victims: Exploratory and User Testing Study
The advent of mobile technologies and social network applications has led to an increase in malicious scams and social engineering (SE) attacks which are causing loss of money and breaches of personal information. Understanding how SE attacks spread can provide useful information in curbing them. Ar...
Guardado en:
Autores principales: | , , |
---|---|
Formato: | article |
Lenguaje: | EN |
Publicado: |
MDPI AG
2021
|
Materias: | |
Acceso en línea: | https://doaj.org/article/f7e81988477e44c4bb6b33c47c414825 |
Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
id |
oai:doaj.org-article:f7e81988477e44c4bb6b33c47c414825 |
---|---|
record_format |
dspace |
spelling |
oai:doaj.org-article:f7e81988477e44c4bb6b33c47c4148252021-11-11T15:42:11ZInvestigating the Experience of Social Engineering Victims: Exploratory and User Testing Study10.3390/electronics102127092079-9292https://doaj.org/article/f7e81988477e44c4bb6b33c47c4148252021-11-01T00:00:00Zhttps://www.mdpi.com/2079-9292/10/21/2709https://doaj.org/toc/2079-9292The advent of mobile technologies and social network applications has led to an increase in malicious scams and social engineering (SE) attacks which are causing loss of money and breaches of personal information. Understanding how SE attacks spread can provide useful information in curbing them. Artificial Intelligence (AI) has demonstrated efficacy in detecting SE attacks, but the acceptability of such a detection approach is yet to be investigated across users with different levels of SE awareness. This paper conducted two studies: (1) exploratory study where qualitative data were collected from 20 victims of SE attacks to inform the development of an AI-based tool for detecting fraudulent messages; and (2) a user testing study with 48 participants with different occupations to determine the detection tool acceptability. Overall, six major themes emerged from the victims’ actions “experiences: reasons for falling for attacks; attack methods; advice on preventing attacks; detection methods; attack context and victims”. The user testing study showed that the AI-based tool was accepted by all users irrespective of their occupation. The categories of users’ occupations can be attributed to the level of SE awareness. Information security awareness should not be limited to organizational levels but extend to social media platforms as public information.Bilikis BanireDena Al ThaniYin YangMDPI AGarticlesocial engineeringexploratory studygrounded theoryuser testing studyElectronicsTK7800-8360ENElectronics, Vol 10, Iss 2709, p 2709 (2021) |
institution |
DOAJ |
collection |
DOAJ |
language |
EN |
topic |
social engineering exploratory study grounded theory user testing study Electronics TK7800-8360 |
spellingShingle |
social engineering exploratory study grounded theory user testing study Electronics TK7800-8360 Bilikis Banire Dena Al Thani Yin Yang Investigating the Experience of Social Engineering Victims: Exploratory and User Testing Study |
description |
The advent of mobile technologies and social network applications has led to an increase in malicious scams and social engineering (SE) attacks which are causing loss of money and breaches of personal information. Understanding how SE attacks spread can provide useful information in curbing them. Artificial Intelligence (AI) has demonstrated efficacy in detecting SE attacks, but the acceptability of such a detection approach is yet to be investigated across users with different levels of SE awareness. This paper conducted two studies: (1) exploratory study where qualitative data were collected from 20 victims of SE attacks to inform the development of an AI-based tool for detecting fraudulent messages; and (2) a user testing study with 48 participants with different occupations to determine the detection tool acceptability. Overall, six major themes emerged from the victims’ actions “experiences: reasons for falling for attacks; attack methods; advice on preventing attacks; detection methods; attack context and victims”. The user testing study showed that the AI-based tool was accepted by all users irrespective of their occupation. The categories of users’ occupations can be attributed to the level of SE awareness. Information security awareness should not be limited to organizational levels but extend to social media platforms as public information. |
format |
article |
author |
Bilikis Banire Dena Al Thani Yin Yang |
author_facet |
Bilikis Banire Dena Al Thani Yin Yang |
author_sort |
Bilikis Banire |
title |
Investigating the Experience of Social Engineering Victims: Exploratory and User Testing Study |
title_short |
Investigating the Experience of Social Engineering Victims: Exploratory and User Testing Study |
title_full |
Investigating the Experience of Social Engineering Victims: Exploratory and User Testing Study |
title_fullStr |
Investigating the Experience of Social Engineering Victims: Exploratory and User Testing Study |
title_full_unstemmed |
Investigating the Experience of Social Engineering Victims: Exploratory and User Testing Study |
title_sort |
investigating the experience of social engineering victims: exploratory and user testing study |
publisher |
MDPI AG |
publishDate |
2021 |
url |
https://doaj.org/article/f7e81988477e44c4bb6b33c47c414825 |
work_keys_str_mv |
AT bilikisbanire investigatingtheexperienceofsocialengineeringvictimsexploratoryandusertestingstudy AT denaalthani investigatingtheexperienceofsocialengineeringvictimsexploratoryandusertestingstudy AT yinyang investigatingtheexperienceofsocialengineeringvictimsexploratoryandusertestingstudy |
_version_ |
1718434124717359104 |