Search results

This study aimed to investigate how honest participants perceived an attacker to be during shoulder surfing scenarios that varied in terms of which Principle of Persuasion in Social Engineering (PPSE) was used, whether perceived honesty changed as scenarios progressed, and whether any changes were greater in some scenarios than others.

Participants read one of six shoulder surfing scenarios. Five depicted an attacker using one of the PPSEs. The other depicted an attacker using as few PPSEs as possible, which served as a control condition. Participants then rated perceived attacker honesty.

The results revealed honesty ratings in each condition were equal during the beginning of the conversation, participants in each condition perceived the attacker to be honest during the beginning of the conversation, perceived attacker honesty declined when the attacker requested the target perform an action that would afford shoulder surfing, perceived attacker honesty declined more when the Distraction and Social Proof PPSEs were used, participants perceived the attacker to be dishonest when making such requests using the Distraction and Social Proof PPSEs and perceived attacker honesty did not change when the attacker used the target’s computer.

To the best of the authors’ knowledge, this experiment is the first to investigate how persuasion tactics affect perceptions of attackers during shoulder surfing attacks. These results have important implications for shoulder surfing prevention training programs and penetration tests.

This study aims to examine how social engineers use persuasion principles during vishing attacks.

In total, 86 examples of real-world vishing attacks were found in articles and videos. Each example was coded to determine which persuasion principles were present in that attack and how they were implemented, i.e. what specific elements of the attack contributed to the presence of each persuasion principle.

Authority (A), social proof (S) and distraction (D) were the most widely used persuasion principles in vishing attacks, followed by liking, similarity and deception (L). These four persuasion principles occurred in a majority of vishing attacks, while commitment, reciprocation and consistency (C) did not. Further, certain sets of persuasion principles (i.e. authority, distraction, liking, similarity, and deception and social proof; , authority, commitment, reciprocation, and consistency, distraction, liking, similarity and deception, and social proof; and authority, distraction and social proof) were used more than others. It was noteworthy that despite their similarities, those sets of persuasion principles were implemented in different ways, and certain specific ways of implementing certain persuasion principles (e.g. vishers claiming to have authority over the victim) were quite rare.

To the best of authors’ knowledge, this study is the first to investigate how social engineers use persuasion principles during vishing attacks. As such, it provides important insight into how social engineers implement vishing attacks and lays a critical foundation for future research investigating the psychological aspects of vishing attacks. The present results have important implications for vishing countermeasures and education.

Nonexperts do not always follow the advice in cybersecurity warning messages. To increase compliance, it is recommended that warning messages use nontechnical language, describe how the cyberattack will affect the user personally and do so in a way that aligns with how the user thinks about cyberattacks. Implementing those recommendations requires an understanding of how nonexperts think about cyberattack consequences. Unfortunately, research has yet to reveal nonexperts’ thinking about cyberattack consequences. Toward that end, the purpose of this study was to examine how nonexperts think about cyberattack consequences.

Nonexperts sorted cyberattack consequences based on perceived similarity and labeled each group based on the reason those grouped consequences were perceived to be similar. Participants’ labels were analyzed to understand the general themes and the specific features that are present in nonexperts’ thinking.

The results suggested participants mainly thought about cyberattack consequences in terms of what the attacker is doing and what will be affected. Further, the results suggested participants thought about certain aspects of the consequences in concrete terms and other aspects of the consequences in general terms.

This research illuminates how nonexperts think about cyberattack consequences. This paper also reveals what aspects of nonexperts’ thinking are more or less concrete and identifies specific terminology that can be used to describe aspects that fall into each case. Such information allows one to align warning messages to nonexperts’ thinking in more nuanced ways than would otherwise be possible.

Not many weeks back, according to newspaper reports, three members of the library staff of the School of Slavonic and East European Studies in London were dismissed. All had refused to carry out issue desk duty. All, according to the newspaper account, were members of ASTMS. None, according to the Library Association yearbook, was a member of the appropriate professional organisation for librarians in Great Britain.

Aarhus Kommunes Biblioteker (Teknisk Bibliotek), Ingerslevs Plads 7, Aarhus, Denmark. Representative: V. NEDERGAARD PEDERSEN (Librarian).

A non-governmental organisation (NGO) with schools in Sierra Leone prioritises admission of the most disadvantaged children but nevertheless achieves high educational and social standards. These schools were asked to provide continuing professional development and learning (CPDL) for other schools. This paper aims to report the design, development and delivery of CPDL which aimed to mobilise effective practices more widely. It also reports the design and results of an impact evaluation.

It was recognised that CPDL delivered by foreigners would be (1) unaffordable in this impoverished West African country and (2) culturally inappropriate. It was therefore delivered by local teachers from the NGO's own schools. Most had obtained no formal teaching qualification. They were trained to collect data using a quasi-experimental design for an impact evaluation of children's attendance and literacy. A total of five schools participated in the CPDL, with ten control schools.

A largely unqualified team succeeded in mobilising knowledge in the experimental schools. Children's attendance in experimental schools improved over that in control schools. Performance in literacy also improved significantly and was maintained at follow-up.

Findings of the impact evaluation are seen as indicative rather than causal because a quasi-experimental study was conducted rather than a randomised controlled trial.

This lies in (1) teachers in schools with a severely disadvantaged intake providing a structured programme of CPDL for teachers in other schools; (2) school improvement through knowledge mobilisation in CPDL; (3) an impact evaluation with a quasi-experimental design showing improvement in children's performance.

Concerns of nursing literature today reflect the aspirations and changing character of the profession as it seeks to: