Search results

1 – 1 of 1
Per page
102050
Citations:
Loading...
Access Restricted. View access options
Article
Publication date: 20 March 2009

Taimur Bakhshi, Maria Papadaki and Steven Furnell

The purpose of this paper is to investigate the level of susceptibility to social engineering amongst staff within a cooperating organisation.

2205

Abstract

Purpose

The purpose of this paper is to investigate the level of susceptibility to social engineering amongst staff within a cooperating organisation.

Design/methodology/approach

An e‐mail‐based experiment was conducted, in which 152 staff members were sent a message asking them to follow a link to an external web site and install a claimed software update. The message utilised a number of social engineering techniques, but was also designed to convey signs of a deception in order to alert security‐aware users. The external web site, to which the link was pointing, was intentionally badly designed in the hope of raising the users' suspicions and preventing them from proceeding with the software installation.

Findings

In spite of a short window of operation for the experiment, the results revealed that 23 per‐cent of recipients were fooled by the attack, suggesting that many users lack a baseline level of security awareness that is useful to protect them online.

Research limitations/implications

After running for approximately 3.5 h, the experiment was ceased, after a request from the organisation's IT department. Thus, the correct percentage of unique visits is likely to have been higher. Also, the mailings were sent towards the end of a working day, thus limiting the number of people who got to read and respond to the message before the experiment was ended.

Practical implications

Despite its limitations, the experiment clearly revealed a significant level of vulnerability to social engineering attacks. As a consequence, the need to raise user awareness of social engineering and the related techniques is crucial.

Originality/value

This paper provides further evidence of users' susceptibility to the problems, by presenting the results of an e‐mail‐based social engineering study that was conducted amongst staff within a cooperating organisation.

Details

Information Management & Computer Security, vol. 17 no. 1
Type: Research Article
ISSN: 0968-5227

Keywords

1 – 1 of 1
Per page
102050