4 June 2018

Personalised social engineering

Anybody can become the victim of a confidence trick, in the modern parlance they might succumb to social engineering. Through such illicit tools, a third party might gain access to the contents of one’s hard drive, one’s bank account, or even steal one’s identity for nefarious purposes. Human behaviour and deception cut to the core of the modern hacker’s approach to breaching so-called cyber security.

A snippet of information, a date of birth, a mother’s unmarried name, a home address leaked by the gullible or deceived can be added to information gleaned from social media sites such as Facebook and Twitter where users commonly share their innermost secrets with no regard for privacy or ultimately their personal online security. Researchers have previously demonstrated that human personality traits can influence the susceptibility of an individual to manipulation related to social engineering deception attacks and exploits. By creating a cognitive dissonance, a trickster might obtain useful information, such as login details, by simple of sophisticated deception. The end result will always be the same – a third party having access to an account, information, and data to which they have no legitimate claim.

Now, James Stewart of Keiser University, in Fort Lauderdale, Florida, and Maurice Dawson of the Illinois Institute of Technology, in Chicago, USA, have undertaken a quantitative and non-experimental study to investigate what specific factors lead to gullibility in an individual faced with social engineering threats based on personality traits. The team points out that security professionals are yet to address completely the human factors involved in data breaches and other hacking and cracking efforts. Nobody has yet found a viable strategy for investigating these nor has conventional training in security whether homeland security or business security squared up to the risks in a satisfying manner. “However, the human element has the greatest potential to compromise the embedded technology,” Keiser and Dawson assert.

It has previously been observed that behaviour patterns and indicators, such as threat vulnerability, threat severity, trust, commitment, fear, and obedience to authority can often be manipulated by confidence tricksters of all kinds. The presence of such personality traits is commonly a strong indicator of social engineering susceptibility. The team has also looked for correlates with age, education level, country and other factors, such as ethnicity.

“The principle of influence independent variables were reactance, affective commitment and continuance commitment. The dependent susceptibility variable was a scored grouping of the principle of influence factors that included trust, vulnerability and threat and obedience,” the team concludes.

Stewart, J. and Dawson, M. (2018) ‘How the modification of personality traits leave one vulnerable to manipulation in social engineering’, Int. J. Information Privacy, Security and Integrity, Vol. 3, No. 3, pp.187–208.

No comments: