A Study of Targeted Telephone Scams Involving Live Attackers

  • Conference paper
Socio-Technical Aspects in Security and Trust (STAST 2020)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12812)

Abstract

We present the results of a research study in which participants were subjected to social engineering attacks via telephone (telephone scams) in order to determine the features of scams to which people are most susceptible. The study involved 186 university participants, each of whom was attacked with one of 27 different attack scripts that span different independent variables, including the pretext used and the method of elicitation. In order to ensure informed consent, each participant was warned that they would receive a scam phone call within 3 months. One independent variable is the time between the warning and the launch of the scam. In spite of this warning, a large fraction of participants were still deceived by the scam.

A limitation to research in the study of telephone scams is the lack of a dataset of real phone scams for examination. Each phone call in our study was recorded, and we present the dataset of these recordings and their transcripts. To our knowledge, there is no similar publicly available dataset of phone scams. We hope that our dataset will support future research in phone scams and their detection.



Acknowledgements

This material is based upon work supported by the National Science Foundation under Grant No. 1813858. This research was also supported by a generous gift from the Herman P. & Sophia Taubman Foundation.

Corresponding author

Correspondence to Ian G. Harris.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Harris, I.G., Derakhshan, A., Carlsson, M. (2021). A Study of Targeted Telephone Scams Involving Live Attackers. In: Groß, T., Viganò, L. (eds) Socio-Technical Aspects in Security and Trust. STAST 2020. Lecture Notes in Computer Science, vol 12812. Springer, Cham. https://doi.org/10.1007/978-3-030-79318-0_4

  • DOI: https://doi.org/10.1007/978-3-030-79318-0_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-79317-3

  • Online ISBN: 978-3-030-79318-0

  • eBook Packages: Computer Science, Computer Science (R0)
