Finance and Credit Publishing House

National Interests: Priorities and Security
 

Social engineering as a source of risks in online banking services

Vol. 13, Iss. 9, SEPTEMBER 2017


Received: 19 July 2017

Received in revised form: 6 August 2017

Accepted: 24 August 2017

Available online: 2 October 2017

Subject Heading: THREATS AND SECURITY

JEL Classification: G21, G39, L86

Pages: 1747–1760

https://doi.org/10.24891/ni.13.9.1747

Revenkov P.V. Financial University under Government of Russian Federation, Moscow, Russian Federation
pavel.revenkov@mail.ru

Berdyugin A.A. Financial University under Government of Russian Federation, Moscow, Russian Federation
a40546b@gmail.com

Importance. Social engineering is the manipulation of people's actions, without any technical means, that plays on the biases of the human factor in order to steal confidential information. In finance and banking, it causes breaches in data protection that threaten business continuity and security. The subject arises from the improper preparation of customers who use electronic financial services, which results in thefts from bank accounts.
Objectives. The research explores the mutual relation of actions undertaken by data generating functions. We also analyze social engineering techniques for swindling a victim and the appropriate countermeasures, and we devise methods to reinforce cybersecurity.
Methods. The research involves mathematical computations and systems analysis of the scientific literature on theoretical and applied research. We also applied a pedagogical approach to studying and summarizing existing experience. The article analyzes cause-and-effect relations from the perspectives of the cyber criminal and the victim.
Results. We refer to particular examples of social engineering crimes and countermeasures. We substantiate the importance of conventional training for countering cyber crimes. We devise intellectual development methods, as well as organizational and legal methods, for countering social engineering. The article describes how the user's social engineering legitimacy correlates with information security violations.
Conclusions and Relevance. The value and novelty of this research are that it provides recommendations for raising users' literacy with respect to remote banking so as to mitigate cyber crime risks. The findings can be used by financial and educational institutions to corroborate the dependence of cybercrimes on users' literacy and intellectual development methods.

Keywords: online banking, cybersecurity, risk, human factor, commercial bank, social engineering



ISSN 2311-875X (Online)
ISSN 2073-2872 (Print)
