Abstract
We present the results of a research study in which participants were subjected to social engineering attacks via telephone (telephone scams) in order to determine the features of scams to which people are most susceptible. The study involved 186 university participants, each of whom was attacked with one of 27 different attack scripts that span different independent variables, including the pretext used and the method of elicitation. To ensure informed consent, each participant was warned that they would receive a scam phone call within 3 months. One independent variable is the time between the warning and the launch of the scam. In spite of this warning, a large fraction of participants were still deceived by the scam.
A limitation of research on telephone scams is the lack of a dataset of real phone scams for examination. Each phone call in our study was recorded, and we present the dataset of these recordings and their transcripts. To our knowledge, there is no similar publicly available dataset of phone scams. We hope that our dataset will support future research on phone scams and their detection.
Acknowledgements
This material is based upon work supported by the National Science Foundation under Grant No. 1813858. This research was also supported by a generous gift from the Herman P. & Sophia Taubman Foundation.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Harris, I.G., Derakhshan, A., Carlsson, M. (2021). A Study of Targeted Telephone Scams Involving Live Attackers. In: Groß, T., Viganò, L. (eds) Socio-Technical Aspects in Security and Trust. STAST 2020. Lecture Notes in Computer Science(), vol 12812. Springer, Cham. https://doi.org/10.1007/978-3-030-79318-0_4
DOI: https://doi.org/10.1007/978-3-030-79318-0_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-79317-3
Online ISBN: 978-3-030-79318-0
eBook Packages: Computer Science, Computer Science (R0)