Importance Intended for stealing confidential information, social engineering is manipulation of people's actions without any technical means, playing upon biases of the human factor. In finance and banking, it causes breaches in data protection that threaten to the business continuity and security. This subject arises from the improper preparation of customers using electronic financial services that results in thefts from bank accounts. Objectives The research explores the mutual relation of actions undertaken by data generating functions. We also analyze social engineering techniques for swindling a victim, and undertaking appropriate countermeasures. We also devise methods to reinforce cybersecurity. Methods The research involves mathematical computations and methods of a systems analysis of scientific literature on theoretical and applied researches. We also applied a pedagogical approach to studying and summarizing the existing experience. The article analyzes the cause-and-effect relations from cyber criminal–victim perspectives. Results We refer to particular examples of social engineering crimes and countermeasures. We substantiate the importance of conventional training for countering cyber crimes. We devise intellectual development methods, organizational and legal methods for countering social engineering. The article describes how the user's social engineering legitimacy correlates with information security violations. Conclusions and Relevance The value and novelty of this research are that it provides recommendations for elevating users' literacy with respect to remote banking so to mitigate cyber crime risks. The findings can be used by financial and educational institutions to corroborate the dependence of cybercrimes on the users' literacy and intellectual development methods.
Keywords: online banking, cybersecurity, risk, human factor, commercial bank, social engineering
References:
Mezhdunarodnoe i zarubezhnoe finansovoe regulirovanie: instituty, sdelki, infrastruktura: monografiya [International and foreign financial regulation: Institutes, transactions, infrastructure: a monograph]. Moscow, KnoRus Publ., 2014, 640 p.
Sychev A.M., Revenkov P.V., Dudka A.B. Bezopasnost' elektronnogo bankinga [E-banking security]. Moscow, Intellektual'naya literatura Publ., 2017, 318 p.
King B. Bank 3.0. Pochemu segodnya bank – eto ne to, kuda vy khodite, a to, chto vy delaete [Bank 3.0: Why Banking is No Longer Somewhere You Go But Something You Do]. Moscow, Olimp-Biznes Publ., 2014, 520 p.
Edwards M., Larson R., Green B. et al. Panning for Gold: Automatically Analysing Online Social Engineering Attack Surfaces. Computers & Security, 2017, vol. 69, pp. 18–34. URL: Link
Lyamin L.V. Primenenie tekhnologii elektronnogo bankinga: risk-orientirovannyi podkhod [The use of e-banking technologies: A risk-based approach]. Moscow, KnoRus Publ., 2011, 336 p.
Krombholz K., Hobel H., Huber M., Weippl E. Advanced Social Engineering Attacks. Journal of Information Security and Applications, 2015, vol. 22, pp. 113–122. URL: Link
Mouton F., Leenen L., Venter H.S. Social Engineering Attack Examples, Templates and Scenarios. Computers & Security, 2016, vol. 59, pp. 186–209. URL: Link
Safa N.S., von Solms R., Futcher L. Human Aspects of Information Security in Organizations. Computer Fraud & Security, 2016, vol. 2016, iss. 2, pp. 15–18. URL: Link30017-3
Hadnagy Ch., Wilson P. Social Engineering: The Art of Human Hacking. Wiley Publishing, Inc., 2010, 416 p.
Mouton F., Malan M.M., Kimppa K.K., Venter H.S. Necessity for Ethics in Social Engineering Research. Computers & Security, 2015, vol. 55, pp. 114–127. URL: Link
Rogozin D.O., Sheremet I.A., Garbuk S.V., Guba A.M. Vysokie tekhnologii v SShA: opyt ministerstva oborony i drugikh vedomstv [High technology in the United States: The experience of the Ministry of Defense and other agencies]. Moscow, Moscow State University Publ., 2013, 384 p.
Revenkov P.V., Berdyugin A.A. [Expansion of the operational risk profile in banks under increase of DDoS-threats]. Voprosy kiberbezopasnosti = Cybersecurity Issues, 2017, no. 3, pp. 16–23. (In Russ.)
Sun Tzu. Iskusstvo voiny [The Art of War]. Moscow, AST Publ., 2017, 192 p.