Abstract: Many tools are used for phishing. Despite the different tools used in phishing, the key element involves convincing the user to give away their information willingly. In this study, researchers conducted an experiment on a small population of university students in the Eastern Province of Saudi Arabia. A group of 200 university students who had eBay accounts were recruited for the experiment. The experiment included designing a replica website for an online business and hosting it over the intranet. The students clicked on a desktop icon based on instructions from their trusted instructor and the icon took them to a phishing website where the students were asked to log in. The results indicate that 90% of the users who logged onto the website recognized only the look and feel of the login page and did not pay attention to important details such as the URL and the security features of the login page. Another important result showed that combining social engineering with phishing enhanced the experiment and influenced the users perception of the fake website. The social engineering involved a trusted instructor who influenced their trust in the authenticity of the website.
Jaafar M. Alghazo and Zafar Kazimi, 2013. Social Engineering in Phishing Attacks in the Eastern Province of Saudi Arabia. Asian Journal of Information Technology, 12: 91-98.