Fool Me Once, Shame on Me - A Qualitative Interview Study of Social Engineering Victims

Authors

  • Silje Berg NTNU / mnemonic
  • Tilde Thorvik NTNU / Netlight
  • Per Håkon Meland SINTEF / NTNU

Keywords:

social engineering, shame, victimization, romance scam, phishing, interview

Abstract

Security breaches continue to flourish despite the many technical measures in place. More often than not, the human users get the blame. Social engineering attacks use various manipulation techniques to fool users into giving away sensitive information or making security mistakes that are further exploited in cyber attacks. This study has investigated how common, cyber-enabled social engineering attacks, such as Business Email Compromise (BEC) phishing and romance scams, can be used to exploit individuals, systems or organizations. We investigate studies from the literature and apply a qualitative approach based on in-depth interviews with sample victims of such attacks. Our results contribute to the understanding of why established social engineering protection measures sometimes fail and how the victims have experienced the aftermath of such events. Based on our findings and literature comparison, we provide reflections on how mitigations can be improved to reduce the success rate of social engineering attacks.

Published

2023-11-28

How to Cite

[1] S. Berg, T. Thorvik, and P. H. Meland, “Fool Me Once, Shame on Me - A Qualitative Interview Study of Social Engineering Victims”, NIKT, no. 3, Nov. 2023.