Skip to main content

Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior

  • Conference paper
  • First Online:
Applied Technologies (ICAT 2021)

Abstract

One of the most effective attacks on cybersecurity is Social Engineering, in which the attacker deceives an end-user to steal its credentials and perpetrate cyber-crimes. There are hardware and software countermeasures to deal with these types of attacks. However, people themselves are the most vulnerable link in this security chain. In addition, there are influencing factors in people’s behavior, which make them more vulnerable. This study aims to determine the most common characteristics that make users vulnerable, either individually or in groups. For this, we conduct an exploratory and descriptive study on administrative, lecturers, and students of a higher education institution on four scales that consider the following behaviors: risk behavior, conservative behavior, exposure to offense, and perception of risk. The results obtained show that users with risky behavior are the most exposed to a Social Engineering attack. We also concluded that the analyzed groups of lecturers and administrators are less likely to be victims of these attacks than students. Finally, we inferred that people who spend more time in front of a computer and are more permissive of risky behaviors are more vulnerable to these attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Benavides, E., Fuertes, W., Sanchez, S., Nuñez-Agurto, D.: Caracterización de los ataques de phishing y técnicas para mitigarlos. Ataques: una revisión sistemática de la literatura. Cienc. y Tecnol. 13(1), 97–104 (2020). https://doi.org/10.18779/CYT.V13I1.357

    Article  Google Scholar 

  2. Benavides, E., Fuertes, W., Sanchez, S., Sanchez, M.: Classification of phishing attack solutions by employing deep learning techniques: a systematic literature review. In: Rocha, Á., Pereira, R.P. (eds.) Developments and Advances in Defense and Security. SIST, vol. 152, pp. 51–64. Springer, Singapore (2020). https://doi.org/10.1007/978-981-13-9155-2_5

    Chapter  Google Scholar 

  3. Aldawood, H., Skinner, G.: Educating and raising awareness on cyber security social engineering: a literature review. In: 2018 IEEE International Conference on Teaching, Assessment, and Learning for Engineering (TALE), pp. 62–68, December 2018. https://doi.org/10.1109/TALE.2018.8615162

  4. Ye, Z., Guo, Y., Ju, A., Wei, F., Zhang, R., Ma, J.: A risk analysis framework for social engineering attack based on user profiling. J. Organ. End User Comput. 32(3) (2020). https://doi.org/10.4018/JOEUC.2020070104

  5. Muslah Albladi, S., Weir, G.R.S.: A conceptual model to predict social engineering victims. In: Proceedings of the 12th International Conference on Global Security, Safety and Sustainability, ICGS3 2019, April 2019. https://doi.org/10.1109/ICGS3.2019.8688352

  6. Öğütçü, G., Testik, Ö.M., Chouseinoglou, O.: Analysis of personal information security behavior and awareness. Comput. Secur. 56, 83–93 (2016). https://doi.org/10.1016/j.cose.2015.10.002

    Article  Google Scholar 

  7. Analyzing Likert Data

    Google Scholar 

  8. Milne, G.R., Labrecque, L.I., Cromer, C.: Toward an understanding of the online consumer’s risky behavior and protection practices. J. Consum. Aff. 43(3), 449–473 (2009). https://doi.org/10.1111/J.1745-6606.2009.01148.X

    Article  Google Scholar 

  9. Ng, B.Y., Kankanhalli, A., (Calvin) Xu, Y.: Studying users’ computer security behavior: a health belief perspective. Decis. Support Syst. 46(4), 815–825 (2009). https://doi.org/10.1016/J.DSS.2008.11.010

  10. Horst, M., Kuttschreuter, M., Gutteling, J.M.: Perceived usefulness, personal experiences, risk perception and trust as determinants of adoption of e-government services in The Netherlands. Comput. Hum. Behav. 23(4), 1838–1852 (2007). https://doi.org/10.1016/J.CHB.2005.11.003

    Article  Google Scholar 

Download references

Acknowledgment

The authors would like to thank the Universidad de las Fuerzas Armadas-ESPE of Sangolquí, Ecuador, for the resources granted to develop the research project entitled: “Detection and Mitigation of Social Engineering attacks applying Cognitive Security”, coded as PIC-2020-SOCIAL-ENGINEERING.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Eduardo Benavides-Astudillo .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Benavides-Astudillo, E. et al. (2022). Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior. In: Botto-Tobar, M., Montes León, S., Torres-Carrión, P., Zambrano Vizuete, M., Durakovic, B. (eds) Applied Technologies. ICAT 2021. Communications in Computer and Information Science, vol 1535. Springer, Cham. https://doi.org/10.1007/978-3-031-03884-6_26

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-03884-6_26

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-03883-9

  • Online ISBN: 978-3-031-03884-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics