Defensive Tactics to Deal with Psychological Manipulation in the Field of Information Security

Document Type : Original Article

Authors

1 Allameh Tabataba'i University

2 Scientific Department of Communication

Abstract

Social engineering, which is referred to as the psychological manipulation of people in the field of information and cyber security, is a concept formed based on the exploitation of human             vulnerabilities and thus creates a special type of attack which is formed on the basis of human characteristics and existing damages. The concept has become more useful and important due to the development of information and communications technology. Moreover, social engineering attacks are low-cost, highly effective, and, in their simplicity, they have certain elegance and   complexities due to their human-centered nature. All these facts have caused security and military to have the same characteristics against these attacks and become more important. Hence, this paper addresses the concept and its different aspects and then, recommends military solutions for it intending to find proper tactics to provide a defense against social engineering attacks.
 

Keywords


Smiley face

[1] L. Janczewski, “Social engineering based-attacks Model & New Zealand perspective”, Computer science & information technology, 2010.
[2] B. Oosterloo, “Managing social engineering risk”, Atos consulting,  p. 27, 2008.
[3] A. A. Taghipour, A. Mashayekhi, and P. Ahmadi Dehrashid, “Assessing Citizen’s Attitudes Toward Security in Cyberspace with a Passive Defense Approach”, Scientific Journal of Passive Defense, no. 52, Winter 2023. (In Persian)
[4] S. Heikkinen, “Social engineering in the world of emerging communication technologies”, Tampere university of technology, 2007.
[5] RSA, “Social engineering & cyber attacks”, RSA, 2011
[6] N. Pavkovic and L. Perkov, “Social engineering toolkit- A systematic approach to social engineering”, Ruder boskovic institute, 2011.
[7] R. Brody, W. Brizzee, and L. Cano, “Flying under the radar: social engineering”, International journal of accounting & information management, 2012.
[8] B. Oosterloo, “Managing social engineering risk”, Atos consulting, p. 18, 2008.
[9] R. Cialdini, “Influence”, G. Ghasem zadeh, Tehran: Hoormazd, 7 ed., 2022. (In Persian)
[10] R. J. Anderson, “Security engineering: a guide to building dependable distributed systems” (2 ed.), Indianapolis, IN: Wiley. p. 1040. ISBN 978-0-470-06852-6. Chapter 2, p. 17, 2008.
[11] Security Through Education, “Social Engineering Defined”, Security Through Education,
[12] George Washington university, “Social engineering – GW Information Security”, www.gwu.edu, George Washington university, Washington D.C., 2020.
[13] B. Kirdemir, “Hostile Influence and Emerging Cognitive Threats  in Cyberspace”, Centre for Economics and Foreign Policy Studies, 2019.
[14] I. Austen, “On EBay, E-Mail Phishers Find a Well-Stocked Pond”, The New York Times, ISSN 0362-4331, 7 March 2005.
[15] K. Steinmetz, F. Holt, and J. Thomas, “Falling for Social Engineering: A Qualitative Analysis of Social Engineering Policy Recommendations”, Social Science Computer Review: 5 August 2022, doi:10.1177/08944393221117501, ISSN 0894-4393, S2CID 251420893, 2022.
[16] FireEye, “The Real Dangers of Spear-Phishing Attacks”, FireEye Inc, 2016.
[17] F. Davani, “The story of HP pretexting scandal with discussion” is available at Davani, Faraz (14 August 2011), "HP Pretexting Scandal by Faraz Davani”, 2011.
[18] Federal Trade Commission, “Pretexting: Your Personal Information Revealed”, Federal Trade Commission, 2022.
[19] J. Fagone, "The Serial Swatter", The New York Times, 24 November 2015.
[20] Invincea, “Chinese Espionage Campaign Compromises Forbes.com to Target US Defense, Financial Services Companies in Watering Hole Style Attack”, invincea.com, 10 February 2015.
[21] W. Conklin, A. Greg, C. Cothren, R. Davis, and D. Williams, “Principles of Computer Security”, Fourth Edition (Official Comptia Guide), New York: McGraw-Hill Education, pp. 193–194, ISBN 978-0071835978, 2015.
[22] D. Raywood, “#BHUSA Dropped USB Experiment Detailed”, info security, 4 August 2016.
[23] J. Leyden, “Office workers give away passwords”, 18 April 2003.
[24] BBC, “Passwords revealed by sweet deal”, BBC News, 20 April 2014.
[25] F. Mouton, M. Malan, and H. S. Venter, “Social engineering from a normative ethics perspective”, University of petroria, 2013.
[26] A. Podhradsky and C. Casy, “Xbox 360 hoaxes, social engineering and gamer tag exploits”, 2013.
[27] R. Cressey and M. Nayfeh, “Cyber capabilities in the middle east”, Booz Allen Hamilton Inc, 2012.
[28] R. Chapman and C. Hannigan, (n.d.), “Social engineering networks”, 2014.
 [29] Trend Micro, “How social engineering works. Trend Micro”, www.trendmicro.com, 2012.
[30] M. Bada and J. Nurse, “The social and psychological impact of cyberattacks”, Academic press, 2019.
[31] T. Bakhshi, M. Papadaki, and S. Furnell, “Social engineering: assessing vulnerabilities in practice”, Information management & computer security, 2009.
[32] T. Thornburgh, “Social engineering: The Dark Art”, Kennesaw state university, 2012.
[33] A. Chantler, “Social engineering & crime prevention in cyberspace”, 2006.
[34] Enisa, “Social engineering: The weakest link”, Enisa Inc, 2008.
[35] B. Oosterloo, “Managing social engineering risk”, Atos consulting, p. 53, 2008.
[36] J. Treglia and M. Delia, “Cyber Security Inoculation”, Presented at NYS Cyber Security Conference, Empire State Plaza Convention Center, Albany, NY, 3–4 June, 2017.             
[37] B. Oosterloo, “Managing social engineering risk”, Atos consulting, p. 60, 2008.
[38] Verizon, “Data breach investigation”, Verizon Inc, 2012.
[39] M. Adler and E. Ziglio, “Gazing Into the Oracle: The Delphi Method and Its Application to Social Policy and Public Health”, Jessica Kingsley Publishers, p. 12, 1996.
[40] G. Rowe and G. Right, “Expert Opinions in Forecasting. Role of the Delphi Technique”, Principles of Forecasting: A Handbook of Researchers and Practitioners. International Series in Operations Research & Management Science, Vol. 30, Boston: Kluwer Academic Publishers, pp: 125–144, 2001.
[41] E. Taylor, “We Agree, Don't We? The Delphi Method for Health Environments Research”, HERD, 13 (1), pp: 11–23, 2020