Experience in social engineering by ecommerce platforms in Kenya
Date
2016
Author
Mwasambo, Lawrence M
Moturi, Christopher A.
Type
Article
Language
en
Abstract
eCommerce systems have been targeted by cyber criminals as they receive and use money,
rely on technology and outsourced services, and use payment technologies like mobile money and
online banking channels to carry out their day-to-day transactions. This study sought to
investigate social engineering and its mitigation in eCommerce platforms in Kenya. An
existing Social Engineering Defensive Framework was adopted and its dimensions were used to
create questionnaires and interview guides. The study used 30 out of the 34 pure-play eCommerce
firms operating in Nairobi, Kenya. The results indicate phishing/spear phishing as the leading
threat, followed by baiting/Trojan Horse, social media/fraudulent websites, and search engine poisoning,
among others. Mitigation measures indicate organizations need to regularly check their website
listing in hacking sites (such as pastebin.com and ghostbin.com) and periodically document and
update new policies regarding social engineering and information security. This paper proposes
social engineering mitigation best practices, emphasizing the need for organizations to use the
derived best practices and incorporate a security culture.
Citation
Mwasambo and Moturi; BJAST, 18(2): 1-12, 2016; Article no.BJAST.30312
Publisher
University of Nairobi
Rights
Attribution-NonCommercial-NoDerivs 3.0 United States
Usage Rights
http://creativecommons.org/licenses/by-nc-nd/3.0/us/