Merton Lansley,Francois Mouton,Stelios Kapetanakis,Nikolaos Polatidis

DOI: https://doi.org/10.1080/24751839.2020.1747001

2020-04-10

Journal of Information and Telecommunication

Abstract:Social engineering attacks are one of the most well-known and easiest to apply attacks in the cybersecurity domain. Research has shown that the majority of attacks against computer systems was based on the use of social engineering methods. Considering the importance of emerging fields such as machine learning and cybersecurity we have developed a method that detects social engineering attacks that is based on natural language processing and artificial neural networks. This method can be applied in offline texts or online environments and flag a conversation as a social engineering attack or not. Initially, the conversation text is parsed and checked for grammatical errors using natural language processing techniques and then an artificial neural network is used to classify possible attacks. The proposed method has been evaluated using a real dataset and a semi-synthetic dataset with very high accuracy results. Furthermore, alternative classification methods have been used for comparisons in both datasets.

Affan Yasin,Rubia Fatima,Lin Liu,Jianmin Wang,Raian Ali,Ziqi Wei

DOI: https://doi.org/10.1002/spy2.161

2021-01-01

Security and Privacy

Abstract:Malicious scammers and social engineers are causing great harms to modern society, as they have led to the loss of data, information, money, and many more for individuals and companies. Knowledge about social engineering (SE) is wide‐spread and it exits in non‐academic papers and communication channels. Knowledge is mostly based on expert opinion and experience reports. Such knowledge, if articulated, can provide a valid source of knowledge and information. We performed the analysis of such sources, guided by academic principles around SE, and solicit existing SE scenarios from public awareness education materials, news stories, research literature, official advisories to public departments. We adopted grounded theory to extract the general knowledge behind SE, such as, attacking cycles, information gathering strategies, psychological principles, attack vectors, and so on. In this article, we aim to review and synthesize a body of knowledge (rationale and motivation of social engineers). The study aims to: (a) understand the rationale of social engineers; (b) capture the knowledge of SE attacks and extract important information from the sources; (c) propose an activity for counteracting SE attacks, and how it can be used in security education.

Lin Ai,Tharindu Kumarage,Amrita Bhattacharjee,Zizhou Liu,Zheng Hui,Michael Davinroy,James Cook,Laura Cassani,Kirill Trapeznikov,Matthias Kirchner,Arslan Basharat,Anthony Hoogs,Joshua Garland,Huan Liu,Julia Hirschberg

2024-10-12

Abstract:The proliferation of Large Language Models (LLMs) poses challenges in detecting and mitigating digital deception, as these models can emulate human conversational patterns and facilitate chat-based social engineering (CSE) attacks. This study investigates the dual capabilities of LLMs as both facilitators and defenders against CSE threats. We develop a novel dataset, SEConvo, simulating CSE scenarios in academic and recruitment contexts, and designed to examine how LLMs can be exploited in these situations. Our findings reveal that, while off-the-shelf LLMs generate high-quality CSE content, their detection capabilities are suboptimal, leading to increased operational costs for defense. In response, we propose ConvoSentinel, a modular defense pipeline that improves detection at both the message and the conversation levels, offering enhanced adaptability and cost-effectiveness. The retrieval-augmented module in ConvoSentinel identifies malicious intent by comparing messages to a database of similar conversations, enhancing CSE detection at all stages. Our study highlights the need for advanced strategies to leverage LLMs in cybersecurity.

Computation and Language

Irfan Ozen,Karthika Subramani,Phani Vadrevu,Roberto Perdisci

2024-01-11

Abstract:Social engineering (SE) aims at deceiving users into performing actions that may compromise their security and privacy. These threats exploit weaknesses in human's decision making processes by using tactics such as pretext, baiting, impersonation, etc. On the web, SE attacks include attack classes such as scareware, tech support scams, survey scams, sweepstakes, etc., which can result in sensitive data leaks, malware infections, and monetary loss. For instance, US consumers lose billions of dollars annually due to various SE attacks. Unfortunately, generic social engineering attacks remain understudied, compared to other important threats, such as software vulnerabilities and exploitation, network intrusions, malicious software, and phishing. The few existing technical studies that focus on social engineering are limited in scope and mostly focus on measurements rather than developing a generic defense. To fill this gap, we present SEShield, a framework for in-browser detection of social engineering attacks. SEShield consists of three main components: (i) a custom security crawler, called SECrawler, that is dedicated to scouting the web to collect examples of in-the-wild SE attacks; (ii) SENet, a deep learning-based image classifier trained on data collected by SECrawler that aims to detect the often glaring visual traits of SE attack pages; and (iii) SEGuard, a proof-of-concept extension that embeds SENet into the web browser and enables real-time SE attack detection. We perform an extensive evaluation of our system and show that SENet is able to detect new instances of SE attacks with a detection rate of up to 99.6% at 1% false positive, thus providing an effective first defense against SE attacks on the web.

Cryptography and Security,Machine Learning

Jingru Yu,Yi Yu,Xuhong Wang,Yilun Lin,Manzhi Yang,Yu Qiao,Fei-Yue Wang

2024-07-23

Abstract:Social engineering (SE) attacks remain a significant threat to both individuals and organizations. The advancement of Artificial Intelligence (AI), including diffusion models and large language models (LLMs), has potentially intensified these threats by enabling more personalized and convincing attacks. This survey paper categorizes SE attack mechanisms, analyzes their evolution, and explores methods for measuring these threats. It highlights the challenges in raising awareness about the risks of AI-enhanced SE attacks and offers insights into developing proactive and adaptable defense strategies. Additionally, we introduce a categorization of the evolving nature of AI-powered social engineering attacks into "3E phases": Enlarging, wherein the magnitude of attacks expands through the leverage of digital media; Enriching, introducing novel attack vectors and techniques; and Emerging, signifying the advent of novel threats and methods. Moreover, we emphasize the necessity for a robust framework to assess the risk of AI-powered SE attacks. By identifying and addressing gaps in existing research, we aim to guide future studies and encourage the development of more effective defenses against the growing threat of AI-powered social engineering.

Cryptography and Security

Xi Chen,Indranil Bose,Alvin Leung,Chenhui Guo

2009-01-01

Abstract:We assess the severity of phishing attacks in terms of their risk levels and the potential loss in market value to the firms. We analyze 1,030 phishing alerts released on a public database as well as financial data related to the targeted firms using a hybrid text and data mining method that predicts the severity of the attack with high accuracy. Our research identifies the important textual and financial variables that impact the severity of the attacks and determine that different antecedents influence risk level and potential financial loss associated with phishing attacks.

Daojing He,Xin Lv,Xueqian Xu,Shui Yu,Dawei Li,Sammy Chan,Mohsen Guizani

DOI: https://doi.org/10.1109/mnet.105.2100425

IF: 10.294

2022-01-01

IEEE Network

Abstract:In recent years, social engineering attacks that use phishing emails as the medium and target specific groups of people have occurred frequently. Current enterprise systems are vulnerable to social engineering attacks. In addition, existing detection methods are relatively ineffective. Therefore, we propose a double-layer detection framework based on deep learning technology. First, a phishing email detection model based on Long Short-Term Memory (LSTM) and extreme gradient boosting tree (XGBoost) is designed from the perspective of individual security. Then, an insider threat detection model based on Bidirectional LSTM and Attention mechanism is designed from the perspective of group security. Finally, combined with the social engineering network attack simulation theory, a social engineering attack and defense simulation platform is established. In the double-layer frame-work, we use Bi-LSTM to obtain long-range dependent features of email body and user sequence information. Then XGBoost and Attention mechanism are used to further strengthen the network structure and improve the classification accuracy. Compared with traditional methods, our model does not require manual feature extraction, and can accurately identify phishing emails and insider threats. Finally, our proposed social engineering simulation platform verifies the effectiveness of the two-layer model. The experimental results show that our proposed framework has the characteristics of timely detection and after-the-fact investigation, which can effectively detect phishing attacks and insider threats faced by enterprise systems.

Glynn Rogers,Malcolm Crompton,Gaurav Sapre,Jonathan Chan

DOI: https://doi.org/10.48550/arXiv.2302.13532

2023-02-27

Cryptography and Security

Abstract:Social Engineering has emerged as a significant threat in cyber security. In a dialog based attack, by having enough of a potential victim's personal data to be convincing, a social engineer impersonates the victim in order to manipulate the attack's target into revealing sufficient information for accessing the victim's accounts etc. We utilise the developing understanding of human information processing in the Information Sciences to characterise the vulnerability of the target to manipulation and to propose a form of countermeasure. Our focus is on the possibility of the social engineer being able to build the victim's profile by, in part, inferring personal attribute values from statistical information available either informally, from general knowledge, or, more formally, from some public database. We use an orthogonalised log linear analysis of data in the form of a contingence table to develop a measure of how susceptible particular subtables are to probabilistic inference as the basis for our proposed countermeasure. This is based on the observation that inference relies on a high degree of non-uniformity and exploits the orthogonality of the analysis to define the measure in terms of subspace projections.

Mithün Paul,Genevieve Bartlett,Jelena Mirkovic,Marjorie Freedman

2024-05-21

Abstract:Enterprise security is increasingly being threatened by social engineering attacks, such as phishing, which deceive employees into giving access to enterprise data. To protect both the users themselves and enterprise data, more and more organizations provide cyber security training that seeks to teach employees/customers to identify and report suspicious content. By its very nature, such training seeks to focus on signals that are likely to persist across a wide range of attacks. Further, it expects the user to apply the learnings from these training on e-mail messages that were not filtered by existing, automatic enterprise security (e.g., spam filters and commercial phishing detection software). However, relying on such training now shifts the detection of phishing from an automatic process to a human driven one which is fallible especially when a user errs due to distraction, forgetfulness, etc. In this work we explore treating this type of detection as a natural language processing task and modifying training pipelines accordingly. We present a dataset with annotated labels where these labels are created from the classes of signals that users are typically asked to identify in such training. We also present baseline classifier models trained on these classes of labels. With a comparative analysis of performance between human annotators and the models on these labels, we provide insights which can contribute to the improvement of the respective curricula for both machine and human training.

Cryptography and Security

Joel Dmello,Srivaramangai R

DOI: https://doi.org/10.22214/ijraset.2024.59306

2024-03-31

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: Social engineering attacks, which take use of psychological manipulation rather than technical flaws, represent a serious threat to people, organizations, and society at large. This research paper explores the field of social engineering detection and provides a thorough analysis of current approaches, their efficacy, and the difficulties encountered in spotting and countering these misleading techniques. This paper presents a comprehensive overview of the use of machine learning and deep learning technologies to detect and address harmful behaviours such as hate speech, cyberbullying, phishing, and spam on social media and communication platforms. It covers a range of studies and methods, including the application of various algorithms such as Enigma Cipher, Rail Fence Cipher, Convolutional Neural Networks, BiLSTM, decision trees, Logistic Regression, SVM, Naive Bayes, and others. The document highlights ongoing endeavours to tackle the issues posed by harmful activities online through innovative technological advancements, showcasing the continuous evolution in this dynamic field.

Judee K. Burgoon,J. P. Blair,Tiantian Qin,Jay F. Nunamaker

DOI: https://doi.org/10.1007/3-540-44853-5_7

2003-01-01

Abstract:Tools to detect deceit from language use pose a promising avenue for increasing the ability to distinguish truthful transmissions, transcripts, intercepted messages, informant reports and the like from deceptive ones. This investigation presents preliminary tests of 16 linguistic features that can be automated to return assessments of the likely truthful or deceptiveness of a piece of text. Results from a mock theft experiment demonstrate that deceivers do utilize language differently than truth tellers and that combinations of cues can improve the ability to predict which texts may contain deception.

Shahryar Baki,Rakesh M. Verma,Arjun Mukherjee,Omprakash Gnawali

DOI: https://doi.org/10.48550/arXiv.2006.13499

2020-06-24

Abstract:Cyber attacks such as phishing, IRS scams, etc., still are successful in fooling Internet users. Users are the last line of defense against these attacks since attackers seem to always find a way to bypass security systems. Understanding users' reason about the scams and frauds can help security providers to improve users security hygiene practices. In this work, we study the users' reasoning and the effectiveness of several variables within the context of the company representative fraud. Some of the variables that we study are: 1) the effect of using LinkedIn as a medium for delivering the phishing message instead of using email, 2) the effectiveness of natural language generation techniques in generating phishing emails, and 3) how some simple customizations, e.g., adding sender's contact info to the email, affect participants perception. The results obtained from the within-subject study show that participants are not prepared even for a well-known attack - company representative fraud. Findings include: approximately 65% mean detection rate and insights into how the success rate changes with the facade and correspondent (sender/receiver) information. A significant finding is that a smaller set of well-chosen strategies is better than a large `mess' of strategies. We also find significant differences in how males and females approach the same company representative fraud. Insights from our work could help defenders in developing better strategies to evaluate their defenses and in devising better training strategies.

Cryptography and Security,Human-Computer Interaction,Social and Information Networks

Het Patel,Umair Rehman,Farkhund Iqbal

2024-06-07

Abstract:Phishing, a prevalent cybercrime tactic for decades, remains a significant threat in today's digital world. By leveraging clever social engineering elements and modern technology, cybercrime targets many individuals, businesses, and organizations to exploit trust and security. These cyber-attackers are often disguised in many trustworthy forms to appear as legitimate sources. By cleverly using psychological elements like urgency, fear, social proof, and other manipulative strategies, phishers can lure individuals into revealing sensitive and personalized information. Building on this pervasive issue within modern technology, this paper aims to analyze the effectiveness of 15 Large Language Models (LLMs) in detecting phishing attempts, specifically focusing on a randomized set of "419 Scam" emails. The objective is to determine which LLMs can accurately detect phishing emails by analyzing a text file containing email metadata based on predefined criteria. The experiment concluded that the following models, ChatGPT 3.5, GPT-3.5-Turbo-Instruct, and ChatGPT, were the most effective in detecting phishing emails.

Computation and Language,Artificial Intelligence

Anargyros Chrysanthou,Yorgos Pantis,Constantinos Patsakis

2023-10-05

Abstract:In an era dominated by digital interactions, phishing campaigns have evolved to exploit not just technological vulnerabilities but also human traits. This study takes an unprecedented deep dive into large-scale phishing campaigns aimed at Meta's users, offering a dual perspective on the technical mechanics and human elements involved. Analysing data from over 25,000 victims worldwide, we highlight the nuances of these campaigns, from the intricate techniques deployed by the attackers to the sentiments and behaviours of those who were targeted. Unlike prior research conducted in controlled environments, this investigation capitalises on the vast, diverse, and genuine data extracted directly from active phishing campaigns, allowing for a more holistic understanding of the drivers, facilitators, and human factors. Through the application of advanced computational techniques, including natural language processing and machine learning, this work unveils critical insights into the psyche of victims and the evolving tactics of modern phishers. Our analysis illustrates very poor password selection choices from the victims but also persistence in the revictimisation of a significant part of the users. Finally, we reveal many correlations regarding demographics, timing, sentiment, emotion, and tone of the victims' responses.

Cryptography and Security

Said Salloum,Tarek Gaber,Sunil Vadera,Khaled Shaalan

DOI: https://doi.org/10.1016/j.procs.2021.05.077

2021-01-01

Procedia Computer Science

Abstract:Phishing is the most prevalent method of cybercrime that convinces people to provide sensitive information; for instance, account IDs, passwords, and bank details. Emails, instant messages, and phone calls are widely used to launch such cyber-attacks. Despite constant updating of the methods of avoiding such cyber-attacks, the ultimate outcome is currently inadequate. On the other hand, phishing emails have increased exponentially in recent years, which suggests a need for more effective and advanced methods to counter them. Numerous methods have been established to filter phishing emails, but the problem still needs a complete solution. To the best of our knowledge, this is the first survey that focuses on using Natural Language Processing (NLP) and Machine Learning (ML) techniques to detect phishing emails. This study provides an analysis of the numerous state-of-the-art NLP strategies currently in use to identify phishing emails at various stages of the attack, with an emphasis on ML strategies. These approaches are subjected to a comparative assessment and analysis. This gives a sense of the problem, its immediate solution space, and the expected future research directions.

Fred Heiding,Simon Lermen,Andrew Kao,Bruce Schneier,Arun Vishwanath

2024-12-01

Abstract:In this paper, we evaluate the capability of large language models to conduct personalized phishing attacks and compare their performance with human experts and AI models from last year. We include four email groups with a combined total of 101 participants: A control group of arbitrary phishing emails, which received a click-through rate (recipient pressed a link in the email) of 12%, emails generated by human experts (54% click-through), fully AI-automated emails 54% (click-through), and AI emails utilizing a human-in-the-loop (56% click-through). Thus, the AI-automated attacks performed on par with human experts and 350% better than the control group. The results are a significant improvement from similar studies conducted last year, highlighting the increased deceptive capabilities of AI models. Our AI-automated emails were sent using a custom-built tool that automates the entire spear phishing process, including information gathering and creating personalized vulnerability profiles for each target. The AI-gathered information was accurate and useful in 88% of cases and only produced inaccurate profiles for 4% of the participants. We also use language models to detect the intention of emails. Claude 3.5 Sonnet scored well above 90% with low false-positive rates and detected several seemingly benign emails that passed human detection. Lastly, we analyze the economics of phishing, highlighting how AI enables attackers to target more individuals at lower cost and increase profitability by up to 50 times for larger audiences.

Cryptography and Security

Rakesh M. Verma,Nachum Dershowitz,Victor Zeng,Dainis Boumber,Xuting Liu

2024-02-02

Abstract:Internet-based economies and societies are drowning in deceptive attacks. These attacks take many forms, such as fake news, phishing, and job scams, which we call ``domains of deception.'' Machine-learning and natural-language-processing researchers have been attempting to ameliorate this precarious situation by designing domain-specific detectors. Only a few recent works have considered domain-independent deception. We collect these disparate threads of research and investigate domain-independent deception. First, we provide a new computational definition of deception and break down deception into a new taxonomy. Then, we analyze the debate on linguistic cues for deception and supply guidelines for systematic reviews. Finally, we investigate common linguistic features and give evidence for knowledge transfer across different forms of deception.

Computation and Language,Cryptography and Security,Computers and Society

Baha Rababah,Shang,Matthew Kwiatkowski,Carson Leung,Cuneyt Gurcan Akcora

2024-10-16

Abstract:The safety and robustness of large language models (LLMs) based applications remain critical challenges in artificial intelligence. Among the key threats to these applications are prompt hacking attacks, which can significantly undermine the security and reliability of LLM-based systems. In this work, we offer a comprehensive and systematic overview of three distinct types of prompt hacking: jailbreaking, leaking, and injection, addressing the nuances that differentiate them despite their overlapping characteristics. To enhance the evaluation of LLM-based applications, we propose a novel framework that categorizes LLM responses into five distinct classes, moving beyond the traditional binary classification. This approach provides more granular insights into the AI's behavior, improving diagnostic precision and enabling more targeted enhancements to the system's safety and robustness.

Cryptography and Security,Artificial Intelligence,Computation and Language,Emerging Technologies

Paul J. Taylor,Coral J. Dando,Thomas C. Ormerod,Linden J. Ball,Marisa C. Jenkins,Alexandra Sandham,Tarek Menacere

DOI: https://doi.org/10.1037/lhb0000032

2013-01-01

Law and Human Behavior

Abstract:The act of conducting an insider attack carries with it cognitive and social challenges that may affect an offender's day-to-day work behavior. We test this hypothesis by examining the language used in e-mails that were sent as part of a 6-hr workplace simulation. The simulation involved participants (N = 54) examining databases and exchanging information as part of a four-stage organized crime investigation. After the first stage, 25% of the participants were covertly incentivized to act as an "insider" by providing information to a provocateur. Analysis of the language used in participants' e-mails found that insiders became more self-focused, showed greater negative affect, and showed more cognitive processing compared to their coworkers. At the interpersonal level, insiders showed significantly more deterioration in the degree to which their language mimicked other team members over time. Our findings demonstrate how language may provide an indirect way of identifying employees who are undertaking an insider attack.

law,psychology, social

Schmitt, Marc

DOI: https://doi.org/10.1007/s10462-024-10973-2

IF: 9.588

2024-10-13

Artificial Intelligence Review

Abstract:The advancement of Artificial Intelligence (AI) and Machine Learning (ML) has profound implications for both the utility and security of our digital interactions. This paper investigates the transformative role of Generative AI in Social Engineering (SE) attacks. We conduct a systematic review of social engineering and AI capabilities and use a theory of social engineering to identify three pillars where Generative AI amplifies the impact of SE attacks: Realistic Content Creation, Advanced Targeting and Personalization, and Automated Attack Infrastructure. We integrate these elements into a conceptual model designed to investigate the complex nature of AI-driven SE attacks—the Generative AI Social Engineering Framework. We further explore human implications and potential countermeasures to mitigate these risks. Our study aims to foster a deeper understanding of the risks, human implications, and countermeasures associated with this emerging paradigm, thereby contributing to a more secure and trustworthy human-computer interaction.

computer science, artificial intelligence