Analysis of social engineering in practice
Keywords: Cybercrime, Cyber Security, Social Engineering, Phishing
Date: December 18, 2014
Teachers: Prof dr. M. Junger
JW Bullee? / Lastdrager?
We are looking for a master student with an interest in cybercrime and cyber security.
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions that will divulge confidential information, usually account information (e.g. login, passwords). In the digital world phishing emails are one of the most used methods for criminals to try to collect account information to try to steal or extort money. For many users recognizing an email as a fraudulent mail is not easy. Accordingly, many attempts have been done to help users to become more digi-savvy in order to recognise phishing attempts and not fall for them.
How vulnerable are online users to phishing attempts? This is the main question of this study. Large security companies investigate how vulnerable employees are when they are receiving phishing mails. However these companies do not often systematically investigate how often online users fill in account information and how they might explain ‘success rates’ in more detail. For instance, are women more or less likely to fall for phishing attempts than men, or younger versus elderly people, or higher-ranked employees versus subordinates? What else plays a role?
In this project we will collaborate with the security companies that execute these phishing attempts and you will analyse all the information that they have.
You will be working on this within the framework of a European project (http://www.trespass-project.eu/).
Contact: M. Junger RA 3351