Recent trends in Social Engineering Scams and Case study of Gift Card Scam

Social engineering scams (SES) have existed since humankind adopted telecommunications. Earlier versions of these scams include, but are not limited to, leveraging premium phone services to charge consumers and service providers. Advancements in digital data access capabilities and Internet technology have given scammers a variety of techniques for defrauding people. A lot of research has been done to identify scammer methodologies and the characteristics of scams. However, scammers keep finding new ways to lure consumers and steal their financial assets. One example is the recent circumstance of Covid-19 unemployment, which was used as a weapon to scam US citizens. These scams will not stop here, and will keep appearing with new social engineering strategies in the near future. So, to better prepare for these kinds of scams in an ever-changing world, we describe the recent trends of various social engineering scams targeting innocent people all over the world who overlook the consequences of scams, and give a detailed description of recent social engineering scams, including Covid scams. A social engineering scam threat model architecture is also proposed to map various scams. In addition, we discuss a case study of a real-time gift card scam targeting the customers of various enterprise organizations to steal their money and put the organizations' reputation at stake. We also provide recommendations to help Internet users avoid falling victim to social engineering scams. Finally, we provide insights on how to prepare for and respond to social engineering scams by following the security incident detection and response life cycle in enterprises.
