Defensive Social Engineering

Chapter in: Introduction to Cyberdeception

Abstract

The methods we have described in the last four chapters work within cyberspace and involve only an occasional human other than the attacker. But most human deception involves non-cyber interactions between people. There are plenty of semi-cyberdeception methods used by cyberattackers, for which the terms “social engineering” and “scams” are appropriate. Social media (Tsikerdekis and Zeadally 2014) are a particularly fertile ground for deception in social engineering. Untrained people are not particularly good at detecting deception, and this aids social engineering (Qin and Burgoon 2007).

References

  • Almeshekah M, Atallah M, Gutierrez C, Spafford E (2015) ErsatzPasswords: ending password cracking and detecting password leakage. In: Proceedings of annual computer security applications conference, Los Angeles, CA, 7–11 Dec, 2015. pp 311–320

  • Awad N, Fitzgerald K (2005) The deceptive behaviors that offend us most about spyware. Commun ACM 48(8):55–60

  • Boese A (2006) Hippo eats dwarf: a field guide to hoaxes and other bs. Harcourt, Orlando, FL

  • Bojinov H, Boneh D, Boyen X, Bursztein E (2010) Kamouflage: Loss-resistant password management. In: Proceedings of the 15th European conference on research in computer security. Springer, lecture notes in computer science 6345, pp 286–302

  • Bowen F, Kemerlis V, Prabhu, P, Keromytis A, Stolfo S (2010) Automating the injection of believable decoys to detect snooping. In: Proceedings of the 3rd ACM conference on wireless network security, Hoboken, NJ, 22–24 Mar. pp 81–86

  • Cenys A, Rainys D, Radvilavius L, Gotanin N (2005) Implementation of honeytoken module in DSMS Oracle 9iR2 Enterprise Edition for internal malicious activity detection. Proceedings of conference on detection of intrusions, malware, and vulnerability assessment, Vienna, Austria, Jul 2005

  • Cybenko G, Giani A, Thompson P (2002) Cognitive hacking: a battle for the mind. IEEE Comput 35(8):50–56

  • Dunnigan J, Nofi A (2001) Victory and deceit, second edition: deception and trickery in war. Writers Club Press, San Jose, CA

  • Erdie P, Michael J (2005) Network-centric strategic-level deception. In: Proceedings of the 10th International command and control research and technology symposium, McLean, VA

  • Gerwehr S, Rothenberg J, Anderson R (1999) An arsenal of deceptions for INFOSEC. Project Memorandum, National Defense Research Institute, Rand Corp., PM-1167-NSA, October

  • Gharabally N, El-Sayed N, Al-Mulla S, Ahmad I (2009) Wireless honeypots: survey and assessment. In: Proceedings of the International conference on information science, technology, and applications, Kuwait, Mar 20–22. pp 45–52

  • Grazioli S, Jarvenpaa S (2000) Perils of Internet fraud: An empirical investigation of deception and trust with experienced Internet consumers. IEEE Trans Syst Man Cybernetics A 30(4):395–410

  • Kshetri N (2014) Cyberwarfare in the Korean Peninsula: asymmetries and strategic responses. East Asia 31:183–201

  • Kuhnhauser W (2004) Root kits: an operating systems viewpoint. ACM SIGOPS Operat Syst Rev 38(1):12–23

  • Mitnick K (2002) The art of deception. Cyber Age Books, New York

  • Mukherjee A, Kumar A, Liu B, Wang J, Hsu M, Castellanos M, Ghosh R (2013) Spotting opinion spammers using behavioral footprints. In: Proceedings of the 19th ACM SIGKDD international conference on knowledge discovery and data mining, Chicago, IL, 11–14 Aug 2013. pp 632–640

  • Qin T, Burgoon J (2007) Judgment in detecting deception on potential implications in countering social engineering. IEEE International conference on intelligence and security informatics, New Brunswick, NJ, 23–24 May, 2007. pp 152–159

  • Ravia F (2004) Trolling lore. www.searchlores.org/trolls.htm. Accessed 23 Nov 2004

  • Seife C (2015) Virtual unreality: The new era of digital deception. Penguin, New York

  • Spafford E (2011) More than passive defense. www.cerias.purdue.edu/site/blog/post/more_than_passive-defense. Accessed 20 Jan, 2016

  • Spitzner L (2005) Honeytokens: the other honeypot. www.securityfocus.com/infocus/1713. Accessed 30 May, 2005

  • Thompson R (2005) Why spyware poses multiple threats to security. Commun ACM 48(8):41–43

  • Tsikerdekis M, Zeadally S (2014) Online deception in social media. Commun ACM 57(9):72–80

  • Xiao B, Benbasat I (2007) Product-related deception in e-commerce: a theoretical perspective. MIS Q 35(1):169–195

  • Yuill J, Zappe M, Denning D, Feer F (2004) Honeyfiles: deceptive files for intrusion detection. In: Proceedings of the workshop on information assurance, West Point, NY, 10–11 Jun 2004

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Rowe, N.C., Rrushi, J. (2016). Defensive Social Engineering. In: Introduction to Cyberdeception. Springer, Cham. https://doi.org/10.1007/978-3-319-41187-3_10

  • DOI: https://doi.org/10.1007/978-3-319-41187-3_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-41185-9

  • Online ISBN: 978-3-319-41187-3

  • eBook Packages: Computer Science (R0)
