Hossein Siadati scite author profile

SMS-based second factor authentication is a cornerstone for many service providers, ranging from email service providers and social networks to financial institutions and online marketplaces. Attackers have not been slow to capitalize on the vulnerabilities of this mechanism by using social engineering techniques to coerce users to forward authentication codes. We demonstrate one social engineering attack for which we experimentally obtained a 50% success rate against Google's SMS-based authentication. At the heart of the problem is the messaging associated with the authentication code, and how this must not have been developed with security against social engineering in mind. Pursuing a top-down methodology, we generate alternative messages and experimentally test these against an array of social engineering attempts. Our most robust messaging approach reduces the success of the most effective social engineering attack to 8%, or a sixth of its success against Google's standard second factor verification code messages.

show abstract

Mind Your SMSes: Mitigating Social Engineering in Second Factor Authentication

Siadati

Nguyen

Gupta³

et al. 2020

View full text Add to dashboard Cite

A phishing sites blacklist generator

Sharifi

Siadati

2008

View full text Add to dashboard Cite

Lessons Learned Developing a Visual Analytics Solution for Investigative Analysis of Scamming Activities

Koven

Felix

Siadati

et al. 2019

IEEE Trans. Visual. Comput. Graphics

View full text Add to dashboard Cite

The forensic investigation of communication datasets which contain unstructured text, social network information, and metadata is a complex task that is becoming more important due to the immense amount of data being collected. Currently there are limited approaches that allow an investigator to explore the network, text and metadata in a unified manner. We developed Beagle as a forensic tool for email datasets that allows investigators to flexibly form complex queries in order to discover important information in email data. Beagle was successfully deployed at a security firm which had a large email dataset that was difficult to properly investigate. We discuss our experience developing Beagle as well as the lessons we learned applying visual analytic techniques to a difficult real-world problem.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Hossein Siadati

Detecting Structurally Anomalous Logins Within Enterprise Networks

Mind your SMSes: Mitigating social engineering in second factor authentication

Mind Your SMSes: Mitigating Social Engineering in Second Factor Authentication

A phishing sites blacklist generator

Lessons Learned Developing a Visual Analytics Solution for Investigative Analysis of Scamming Activities

Contact Info

Product

Resources

About