Annual Computer Security Applications Conference (ACSAC) 2018

Full Program »

Do Social Disorders Facilitate Social Engineering? A Case Study of Autism and Phishing Attacks

Social engineering is a well-established and well-studied threat especially against healthy computer users. Little studied, however, is the level of vulnerability to social engineering attacks against people with medical conditions. Social disorders in particular may make people more susceptible to such attacks. In this paper, as an initial line of investigation into this understudied research line, we launch a study of phishing, a prominent social engineering attack, against people suffering from autism spectrum disorder, a unique developmental disorder characterized by hampered social skills and communication. We present a study of phishing detection with two groups of participants each with 15 participants, one diagnosed with autism and other without autism, in which they were asked to distinguish real versions of certain websites from their fake counterparts. Given the known gullibility and social vulnerability of users with autism, our study is designed to test the hypothesis that individuals with autism will be more prone to such attacks in contrast to healthy participants of prior studies. Our results, however, do not support this hypothesis demonstrating that participants with autism are not more vulnerable to phishing attempts. We attribute this result to the unique characteristics of users with autism including attention to detail, strong memory of factual information and diverse way of thinking, which are skills that folklore assumes may actually make users with autism highly qualified for cybersecurity careers. Overall, our work serves to demonstrate that targeted (spear) phishing attacks against Internet users suffering from autism may not be more successful compared to untargeted attacks against the user population without autism. It also highlights that social disorders may not necessarily facilitate social engineering attacks.

Ajaya Neupane
University of California Riverside
United States

Kiavash Satvat
University of Alabama at Birmingham
United States

Nitesh Saxena
University of Alabama at Birmingham
United States

Despina Stavrinos
University of Alabama at Birmingham
United States

Haley Johnson Bishop
University of Alabama at Birmingham
United States

 



Powered by OpenConf®
Copyright©2002-2018 Zakon Group LLC