The cycle of deception - A model of social engineering attacks, defences and victims
2008 (English)In: Proceedings of the 2nd International Symposium on Human Aspects of Information Security and Assurance, HAISA 2008, University of Plymouth , 2008, 1-11 p.Conference paper (Refereed)
In this paper we propose a model for describing deceptive crimes in general and social engineering in particular. Our research approach was naïve inductivist and the methods used were literature study and interviews with the lead investigator in a grooming case, as we see many similarities between the techniques used in grooming, and those used in social engineering. From this we create cycles describing attacker, defender, and the victim and merge them into a model describing the cycle of deception. The model is then extended into a possible deception sphere. The resulting models can be used to educate about social engineering, to create automated social engineering attacks, to facilitate better incident reporting, and to understand the impact and economical aspects of defenses.
Place, publisher, year, edition, pages
University of Plymouth , 2008. 1-11 p.
Computer crime, Deception, Fraud, Security models, Social engineering, Security of data, Economical aspects, Literature studies, Research approach, Security model, Crime
Computer and Information Science
IdentifiersURN: urn:nbn:se:kth:diva-196199ScopusID: 2-s2.0-84926018906ISBN: 9781841021898OAI: oai:DiVA.org:kth-196199DiVA: diva2:1046723
2nd International Symposium on Human Aspects of Information Security and Assurance, HAISA 2008, 8 July 2008 through 9 July 2008
Conference Paper. QC 201611152016-11-152016-11-142016-11-15Bibliographically approved