بررسی تأثیر روش‌های مهندسی‌ اجتماعی بر آسیب‌پذیری کارکنان (نمونه موردی: کارمندان شهرداری تهران)

[1] K.Mitnick,W.Simon and S.Wozniak,”The Art of Deception: Controlling the  Human Element of Security”, NJ: Wiley, 2002.

[2] Social Engineer, “Security though education”, Retrieved March 29, 2016, from The Social Engineering Framework: http://www.social-engineer. org/framework/psychological, 2016.

[3] Symantec Corporation,”INTERNET SECURITY THREAT REPORT”,Retrieved 31 03,2016,from http://www.symantec.com/content/en/us/enterprise/other_resources/bistr_main_report_v19_21291018.en-us.pdf, 2014. 

[4] R.Ballagas, M.Rohs, J.Sheridan and J.Borchers, “Byod: Bring your own device”, In Proceedings of the Workshop on Ubiquitous Display Environments, Ubicomp, 2004.

[5] W.Shen, “Active Social Engineering Defense (ASED)”, Defense Advanced Research Projects Agency Program Information. Accessed February 1, 2019. https://www.darpa.mil/program/active-social engineering-defense, 2019.

[6] A.Chantler and R.Broadhurst, “Social Engineering and Crime Prevention in Cyberspace”, Queensland University of Technology, 2006.

[7] C.Hadnagy, “Social Engineering: The Art of Human Hacking”, NJ: Wiley, 2011.

[8] T.Qin and J.Burgoon, “An Investigation of Heuristics of Human Judgment in Detecting Deception and Potential Implications in Countering Social Engineering. Intelligence and Security Informatics”, IEEE, pp. 152–159, 2007.

[9] N.Verma, “Social Engineering: A Means to Violate a Computer System”, Publisher Global Vision Publishing House, 2011.

[10] K.D.Mitnick, “The Art of Deception - Controlling the Human Element of Security”,  Indiana,Wiley Publishing, p.16, 2003.

[11] B.Oosterloo, “Managing Social Engineering Risk”, University of Twente, 2008

[12] N.Pavkovic and L.Perkov, “Social Engineering Toolkit—A systematic approach to social engineering”, 34th IEEE International Convention MIPRO, Opatija, Croatia, pp.1485–1489, 2011.

[13] A.V.Grebmer, “Information and IT Risk Management in a Nutshell: A Pragmatic Approach to Information Security”. Publisher. BoD – Books on Demand. pp.58-74, 2008.

[14] M.Erbschloe, “Social Engineering-Hacking systems,nations and societies”, Translated by Seyyedhasan Hoseiny, Tehran, Sabah, 1400.(In Persian)

[15] H.Kim, D.Yoo, J.Kang and Y.Yeom,  “Dynamic ransomware protection using deterministic random bit generator”, In Proceedings of the IEEE Conference on Applications, Information and Network Security, Miri, Malaysia, pp.1–6, 2017.

[16] S.Wang, S.Zhu and Y.Zhang, “Blockchain-based mutual authentication security protocol for distributed RFID systems”, In Proceedings of the IEEE Symposium on Computers and Communications, Natal, Brazil, pp.74–77, 2018.

[17] L.Segovia, F.Torres, M.Rosillo, E.Tapia, F.Albarado and D.Saltos, “Social engineering as an attack vector for ransomware”, In Proceedings of the Conference on Electrical Engineering and Information Communication Technology, Pucon, Chile, pp.1–6, 2017.

[18] D.F.Sittig and H.Singh, “Asocio-technical approach to preventing, mitigating and recovering from ransomware attacks”, Appl. Clin. Inform, pp. 624–632, 2016.

[19] B.Arya and K.Chandrasekaran, “A client-side anti-pharming (CSAP) approach”, In Proceedings of the IEEE International Conference on Circuit, Power and Computing Technologies (ICCPCT), Nagercoil, India, pp.1–10, 2016. 

[20] Kaspersky, “Pharming definition”, https://www.kaspersky.com/resource-center/definitions/pharming, 2021.

[21] E.Aharoni, “What is a Watering Hole attack and how to prevent them” https://blog.cymulate.com/watering-hole-attack-dont-drink-water, 2021

[22] N.Pokrovskaia, “Social engineering and digital technologies for the security of the social capital’development”, In Proceedings of the International Conference of Quality Management, Transport and Information Security, Petersburg, Russia, pp.16–19, 2017.

[23] K.Krombholz, H.Hobel, M.Huber and  E.Weippl, “Advanced social engineering attacks”. J. Inf. Secur. Appl, pp. 113–122, 2014

[24] K.Axelton, “what is shoulder surfing” https://www.experian.com/blogs/ask-experian/what-is-shoulder-surfing/, 2020

[25] L.Xiangyu, L.Qiuyang and S.Chandel, “Social engineering and Insider threats”, In Proceedings of the International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, Nanjing, China, pp.25–34, 2017.

[26] Y.Diogenes and E.Ozkaya, “Cybersecurity –Attack and Defense Strategies”, https://www.oreilly.com/library/view/cybersecurity-attack/9781788475297/6a6d16cf-64bb-411e-bba2-ecbd10ad2d88.xhtml, 2021

[27] P.Patil and P.Devale, “A literature survey of phishing attack technique”, Int. J. Adv. Res. Comput. Commun. Eng, pp.198–200, 2016.

[28] S.Granger, “Social engineering fundamentals”, www.securityfocus.com/infocus/1527 and 1533, 2006.

[29] S.A.Moosavi, “Social Engineering,Art of Psychological War, Human Hacking,Persuation and Deception”, Tehran.Nasleroshan, 2020.(In Persian)

[30] S.Aslany and H.Eskandary, “An overview of the Importance of Compassion in Community Security”, Rooyesh-e-Ravanshenasi, vol.7, no.11, Serial no.32, pp.341-354, 2019. (In Persian)

[31] G.Seidman, “Why Do We Like People Who Are Similar to Us?”,  https://www.psychologytoday.com/us/blog/close-encounters/201812/why-do-we-people-who-are-similar-us, 2021.

[32] R.Cialdini, “Influence: The Psychology of Persuasion”, New York,Harper Business, 2006

[33] US Commodity Futures Trading Commission, “Foreign Currency Trading (Forex) Fraud”,  https://www.cftc.gov/ConsumerProtection/FraudAwarenessPrevention/CFTCFraudAdvisories/fraudadv_forex.html, 2019

[34] D.Gragg, “A Multi-Level Defense Against Social Engineering”, SANS Institute, InfoSec Reading Room, pp.13-18, 2003.

[35] S.Stasiukoni, “ Social Engineering, the USB Way”, http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=208803634,  2013.

[36] L.J.Janczewski and  A.Colarik, “Cyber Warfare and Cyber Terrorism”, Pennsylvania, Idea Group Inc, 2008.

[37] K.Beckers, S.Pape, “A serious game for eliciting social engineering security requirements”, In Proceedings of the International Requirements Engineering Conference, Beijing, China,pp.16–25, 2016.

[38] L.Peotta, M.D.Holtz, B.M.David, F.G.Deus and R.T.De Sousa, “A formal classification of internet banking attacks and vulnerabilities”,Int. J. Comput. Sci. Inf. Technol. 3,pp.186–197, 2011.

[39] G.Ho, A.Sharma, M.Javed, V.Paxson and  D.Wagner, “Detecting credential spearphishing in enterprise settings”, In Proceedings of the 26th USENIX Security Symposium, Vancouver, BC, Canada, pp.469–485, 2017.

[40] Techopedia Dictionary, “Whaling Definition”, https://www.techopedia.com/definition/28643/whaling, 2016.

[41] E.O.YeboahBoateng and P.M.Amanor, “Phishing,SMiShing&Vishing:Anassessment of threats against mobile devices” J. Emerg. Trends Comput. Inf. Sci. 5, pp.297–307, 2014

[42] H.Tu, A.Doupé, Z.Zhao and G.J.Ahn, “Everyone hates robocalls: A survey of techniques against telephone spam”, In Proceedings of the IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA. pp. 320–338, 2016.

[43] T.Braun, B.C.Fung, F.Iqbal and B.Shah, “Security and privacy challenges in smart cities”, Sustain. Cities Soc, pp.39,499-507, 2018

[44] Sophos, “Sophos facebook id probe shows 41% of users happy to reveal all to potential identity thieve”. http://www.sophos.com/en-us/press, 2007

[45] I.Ghafir, “Social engineering attack strategies and defence approaches”, In Proceedings of the IEEE International Conference on Future Internet of Things and Cloud, Vienna, Austria,PP.1–5, 2016

[46] G.Costantino, A.La Marra, F.Martinelli, and I.Matteucci, “CANDY: A social engineering attack to leak information from infotainment system”, In Proceedings of the IEEE Vehicular Technology Conference, Porto, Portugal, pp.1– 5, 2018.

[47] Federal Financial Institutions Examination Council, “Security Culture”, https://ithandbook.ffiec.gov/it-booklets/information-security/i-governance-of-the-information-security-program/ia-security-culture.aspx, 2019

[48] S.Abraham, “An overview of social engineering malware: Trends, tactics, and implications”, Technology in Society, p.183, 2010.

[49] D.Ashenden, “Information Security management: A human challenge?”,  Information Security Technical Report, 2008.

[50] R.Heartfield and G.Loukas, “ A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks”, ACM Comput, Surv, pp.48, 1–37, 2016.