Social Engineering

The ordinary computer user is usually considered the weakest link in the security chain of any information system. Present research at CIMACS investigates how Social Engineering (SE) tactics are used by malicious elements (data, financial or personal information thieves, hackers/crackers) in sophisticated scenarios to compromise information security. Social engineering attacks usually result in financial or personal loss to individuals and organizations, and may fall into one of the categories below.

1. Personal information: Obtaining personal information of unsuspecting users for utilization in cyber-crimes.
2. Corporation information: Getting hold of confidential corporate data on organizations.
3. Ransomware: Compromising, encrypting and holding for ransom data vital to individual users and organizations.

The aim of present projects at CIMACS is to ascertain and educate the end-users (the weakest link) about SE tactics. A series of studies is ongoing in this regard, using online as well as physical social engineering tactics to raise general cyber security awareness and provide resources to end-users to deal with SE attacks. Ongoing SE studies at CIMACS involve the following.

* Devising innovative methods to conduct social engineering studies.
* Raising awareness about SE attacks using surveys/questionnaires.
* Devising a counter-strategy plan to mitigate such attacks through user awareness. A series of workshops has been arranged in this regard.
* Developing a mobile application to let users determine whether an email, USB device or website has the tell-tale signs identifying it as a possible SE attack.

Relevant publications in this regard include "Social Engineering: Revisiting End-User Awareness and Susceptibility to Classical Attack Vectors", which won the best paper award at IEEE ICET 2017. Further research papers/studies are in the pipeline.

©2023 CIMACS