Publication details

Home Publications Publication details

Improving Awareness of Social Engineering Attacks
Smith A, Papadaki M, Furnell SM
Proceedings of the 9th IFIP World Congress on Computer Education (WCCE 2009), Bento Gonclaves, Brazil, 27-31 July, 2009

Social engineering is a method of attack involving the exploitation of human weakness, gullibility and ignorance. Although related techniques have existed for some time, current awareness of social engineering and its many guises is relatively low and efforts are therefore required to improve the protection of the user community. This paper begins by examining the problems posed by social engineering, and outlining some of the previous efforts that have been made to address the threat. This leads toward the discussion of a new awareness-raising website that has been specifically designed to aid users in understanding and avoiding the risks. Findings from an experimental trial involving 46 participants are used to illustrate that the system served to increase users’ understanding of threat concepts, as well as providing an engaging environment in which they would be likely to persevere with their learning.

Smith A, Papadaki M, Furnell SM