Method of Obtaining Data from Open Scientific Sources and Social Engineering Attack Simulation

Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 135)

Abstract

Anti-spam software is constantly being improved. User behavior algorithms (the ability to recognize and correctly respond to phishing messages) are widely known. The task of our research is to elaborate a way of preparing an effective dataset from open scientific sources and to test the efficacy of phishing attacks on a sample of respondents who represent the scientific community, as well as cybersecurity specialists. We developed and tested a method of mining the data necessary for effective phishing attacks from open scientific sources. The authors suggest automated scripts to check the legitimacy of gathered data before use and to automate mailing that bypasses spam detection algorithms. The elaborated scripts can be used not only for simulated attacks but also for cleaning legitimate datasets and for mass mailing. The experiment results confirm that successful phishing mailing is possible. Both scholars and cybersecurity specialists are vulnerable to this type of phishing attack, which is based solely on open data. The study shows a way of effectively testing and bypassing existing spam filters in "black box" mode, without knowledge of their algorithms. Even though these attacks are well known and studied from the psychological perspective, we show that the scientific community remains vulnerable to them; in particular, the study demonstrates no difference in the vulnerability level to this type of attack between cybersecurity specialists and other scholars. We conclude that existing spam filters do not prevent the mass delivery of phishing messages and require further improvement. The share of users who still trust emails from an unknown source masquerading as a legitimate one and send their data in return without caution remains relatively high in the scientific community and, particularly, in the community of academic cybersecurity scholars.

Keywords

  • Social engineering
  • Spam filter
  • Phishing
  • Deduplication
  • ORCID
  • Email validation

  • DOI: 10.1007/978-3-031-04809-8_53
  • Chapter length: 12 pages
  • ISBN: 978-3-031-04809-8


Corresponding author

Correspondence to Volodymyr Sokolov.

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Marusenko, R., Sokolov, V., Bogachuk, I. (2022). Method of Obtaining Data from Open Scientific Sources and Social Engineering Attack Simulation. In: Hu, Z., Zhang, Q., Petoukhov, S., He, M. (eds) Advances in Artificial Systems for Logistics Engineering. ICAILE 2022. Lecture Notes on Data Engineering and Communications Technologies, vol 135. Springer, Cham. https://doi.org/10.1007/978-3-031-04809-8_53
