DOI: 10.1145/3368691.3368705
research-article

The status of information security systems in banking sector from social engineering perspective

Published: 02 December 2019

Editorial Notes

NOTICE OF CONCERN: ACM has received evidence that casts doubt on the integrity of the peer review process for the DATA 2019 Conference. As a result, ACM is issuing a Notice of Concern for all papers published and strongly suggests that the papers from this Conference not be cited in the literature until ACM's investigation has concluded and final decisions have been made regarding the integrity of the peer review process for this Conference.

ABSTRACT

Social engineering attacks have recently become a real threat to organizations, and 53.9% of such attacks target the banking sector. Successful attacks violate privacy by breaching sensitive data and can cause huge financial losses for organizations and individuals, alongside reputational damage for firms. Although banks invest extensive resources in cyber security, with large budgets spent on securing their hardware and software, the human factor offers numerous weaknesses that can be easily exploited, and real and pertinent security challenges remain serious threats. This paper presents an information technology governance framework applied to a Jordanian bank to protect the system from social engineering attacks. We worked on a case study that focuses mainly on phishing attacks, which are considered one of the most common threats to banks, and on the way staff deal with them. The results show positive improvements in staff awareness and in avoiding such attacks, as well as a marked increase in employees reporting any suspicious activity they notice.

  • Published in

    DATA '19: Proceedings of the Second International Conference on Data Science, E-Learning and Information Systems
    December 2019
    376 pages
    ISBN: 9781450372848
    DOI: 10.1145/3368691

    Copyright © 2019 ACM

    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Acceptance Rates

    DATA '19 Paper Acceptance Rate: 58 of 146 submissions, 40%. Overall Acceptance Rate: 74 of 167 submissions, 44%.
