Description
Social engineering attacks pose a significant threat to (cyber)security and physical safety of people. This may be of particular importance in university settings where sensitive information and intellectual property are abundant. This project aims to study the prevalence and susceptability, methods, and impact of social engineering attacks within a university environment. By understanding these attacks, we can test and further develop effective countermeasures to protect the university community. For example the output of this thesis may result in a on-campus poster campaign (or similar). In this thesis project you will investigate safety threats by social engineering methods together with on-campus stakeholders.
Depending on the study outcome and setup, there is an opportunity to publish this research in an international peer-reviewed journal. Furthermore, the results of this thesis will ideally be a direct basis and inspiration for an active change and intervention.
Research Questions
The precise focus of the project may also be influenced by the students interest. Exemplary research questions may include:
- How effective are different types of social engineering methods? What are their boundary conditions?
- How can harm effectively be prevented?
- What knowledge gaps or hurdles exist that prevent people (victims and bystanders) from acting?
Type of Research
Mixed Methods incorporating both qualitative and quantitative measures. Importantly this project requires the student to be on-site at UT.
Key words
Social engineering, physical safety, theft, believability, threat assessment, deception, countermeasures and interventions
Information
Please contact Steven Watson (s.j.watson@utwente.nl) when you are interested in this assignment.
Start
Start is flexible. This project si available for up to two students.
Literature
- Bullee, J. W., & Junger, M. (2020). How effective are social engineering interventions? A meta-analysis. Information & Computer Security, 28(5), 801-830.
- Bullée, J. W., Montoya, L., Junger, M., & Hartel, P. H. (2016). Telephone-based social engineering attacks: An experiment testing the success and time decay of an intervention. In Proceedings of the Singapore Cyber-Security Conference (SG-CRC) 2016 (pp. 107-114). IOS Press.
- Bullée, J. W. H., Montoya, L., Pieters, W., Junger, M., & Hartel, P. H. (2015). The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of experimental criminology, 11, 97-115.
- Wulff, A. N., & Hyman Jr, I. E. (2022). Crime blindness: The impact of inattentional blindness on eyewitness awareness, memory, and identification. Applied Cognitive Psychology, 36(1), 166-178.
- Gibbs, R., Davies, G., & Chou, S. (2020). A systematic review on factors affecting the likelihood of change blindness. Reviewing Crime Psychology, 95-115.
- Laney, C., & Loftus, E. F. (2009). Change blindness and eyewitness testimony. In Current issues in applied memory research (pp. 156-174). Psychology Press.
- Hyman, I. E., Wulff, A. N., & Thomas, A. K. (2018). Crime blindness: How selective attention and inattentional blindness can disrupt eyewitness awareness and memory. Policy Insights from the Behavioral and Brain Sciences, 5(2), 202-208.