Method of Obtaining Data from Open Scientific Sources and Social Engineering Attack Simulation

Marusenko, Roman та Sokolov, V. Y. та Bogachuk, Ivan (2022) Method of Obtaining Data from Open Scientific Sources and Social Engineering Attack Simulation Lecture Notes on Data Engineering and Communications Technologies (135). с. 583-594. ISSN 2367-4512

[thumbnail of Marusenko_R_Sokolov_V_Bogachuk_I_LNDECT_135.pdf] Текст
Marusenko_R_Sokolov_V_Bogachuk_I_LNDECT_135.pdf - Довідковий матеріал

Download (86kB)
Офіційне посилання: https://link.springer.com/chapter/10.1007/978-3-03...

Анотація

Anti-spam software is constantly being improved. User behavior algorithms—the ability to recognize and correctly respond to phishing messages are widely known. The task of our research is to elaborate a way of effective dataset preparation from open scientific sources and test the efficacy of phishing attacks on a sample of respondents who represent the scientific community, as well as cybersecurity specialists. We developed and tested a method of mining data necessary for effective phishing attacks from open scientific sources. Authors suggest automated scripts to check the legitimacy of gathered data before use and to automate mailing bypassing spam detection algorithms. Elaborated scripts can be used not only for simulated attacks but for legitimate datasets cleaning and mass mailing. The experiment results confirm that successful phishing mailing is possible. Both scholars and cybersecurity specialists are vulnerable to this type of phishing attack based solely on open data. The study shows the way of effective testing and bypassing existing spam filters in the “black box” mode without knowledge of their algorithms. Even though these attacks are well-known and studied from the psychological perspective, we show that the scientific community and, in particular, the study demonstrates no difference in the vulnerability level to this type of attack between cybersecurity specialists and other scholars. We conclude that existing spam filters do not prevent phishing messages’ mass delivery and require further improvement. The degree of users who still trust emails from an unknown source masquerading as legitimate ones and sending their data in return without caution remains relatively high in the scientific community and, particularly in a community of academic cybersecurity scholars.

Тип елементу : Стаття
Додаткова інформація: DOI: 10.1007/978-3-031-04809-8_53 EID: 2-s2.0-85129657396
Ключові слова: Deduplication; Email validation; ORCID; Phishing; Social engineering; Spam filter
Типологія: Це архівна тематика Київського університету імені Бориса Грінченка > Статті у наукометричних базах > Scopus
Підрозділи: Це архівні підрозділи Київського університету імені Бориса Грінченка > Факультет інформаційних технологій та математики > Кафедра інформаційної та кібернетичної безпеки імені професора Володимира Бурячка
Користувач, що депонує: Volodymyr Sokolov
Дата внесення: 20 Трав 2022 08:39
Останні зміни: 20 Трав 2022 08:39
URI: https://elibrary.kubg.edu.ua/id/eprint/41098

Actions (login required)

Перегляд елементу Перегляд елементу