{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T15:56:24Z","timestamp":1774367784772,"version":"3.50.1"},"reference-count":34,"publisher":"MDPI AG","issue":"5","license":[{"start":{"date-parts":[[2018,5,3]],"date-time":"2018-05-03T00:00:00Z","timestamp":1525305600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Social engineering attacks are possibly one of the most dangerous forms of security and privacy attacks since they are technically oriented to psychological manipulation and have been growing in frequency with no end in sight. This research study assessed the major aspects and underlying concepts of social engineering attacks and their influence in the New Zealand banking sector. The study further identified attack stages and provided a user-reflective model for the mitigation of attacks at every stage of the social engineering attack cycle. The outcome of this research was a model that provides users with a process of having a reflective stance while engaging in online activities. Our model is proposed to aid users and, of course, financial institutions to re-think their anti-social engineering strategies while constantly maintaining a self-reflective assessment of whether they are being subjected to social engineering attacks while transacting online.<\/jats:p>","DOI":"10.3390\/info9050110","type":"journal-article","created":{"date-parts":[[2018,5,4]],"date-time":"2018-05-04T03:08:21Z","timestamp":1525403301000},"page":"110","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":45,"title":["Social Engineering Attacks and Countermeasures in the New Zealand Banking System: Advancing a User-Reflective Mitigation Model"],"prefix":"10.3390","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4701-1351","authenticated-orcid":false,"given":"David","family":"Airehrour","sequence":"first","affiliation":[{"name":"Nelson Marlborough Institute of Technology, Nelson 7010, New Zealand"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nisha","family":"Vasudevan Nair","sequence":"additional","affiliation":[{"name":"Nelson Marlborough Institute of Technology, Nelson 7010, New Zealand"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6430-9611","authenticated-orcid":false,"given":"Samaneh","family":"Madanian","sequence":"additional","affiliation":[{"name":"School of Engineering, Computer and Mathematical Sciences, Auckland University of Technology, Auckland 1010, New Zealand"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2018,5,3]]},"reference":[{"key":"ref_1","unstructured":"PriceWaterhouseCoopers (2016). Adjusting the Lens on Economic Crime, PriceWaterhouseCoopers (PWC)."},{"key":"ref_2","unstructured":"US Department of the Treasury (2015). Financial Services Sector-Specific Plan."},{"key":"ref_3","unstructured":"Software Engineering Institute (2014). Unintentional Insider Threats: Social Engineering, IEEE Security and Privacy Workshops."},{"key":"ref_4","first-page":"113","article-title":"Advanced Social Engineering attacks","volume":"22","author":"Krombholz","year":"2015","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Janczewski, L.J., and Fu, L.R. (2010, January 18\u201320). Social Engineering Attacks: Model and New Zealand Perspective. Proceedings of the 2010 International Multiconference on Computer Science and Information Technology (IMCSIT), Wisla, Poland.","DOI":"10.1109\/IMCSIT.2010.5680026"},{"key":"ref_6","unstructured":"World Economic Forum (2016). Understanding Systemic Cyber Risk, World Economic Forum."},{"key":"ref_7","first-page":"388","article-title":"Considerations Regarding the Security and Protection of E-Banking Services Consumers\u2019 Interests","volume":"12","author":"Vrancianu","year":"2010","journal-title":"Amfiteatru Econ. J."},{"key":"ref_8","unstructured":"The Hong Kong Economic Journal (2018). Cryptocurrency Exchange: Coincheck loses US$530 Mlllion in Hack, The Hong Kong Economic Journal."},{"key":"ref_9","unstructured":"(2018, March 02). Reserve Bank New Zealand, Register of Registered Banks in New Zealand, Available online: http:\/\/www.rbnz.govt.nz\/regulation-and-supervision\/banks\/register."},{"key":"ref_10","unstructured":"Du, J. (2011). An Empirical Analysis of Internet Banking Adoption in New Zealand, Lincoln University."},{"key":"ref_11","unstructured":"Taylor, K. (2002). Bank Customers Logging on, The New Zealand Herald."},{"key":"ref_12","unstructured":"Canstar (2018, May 03). Online Banking. Available online: https:\/\/cdn.canstar.co.nz\/wp-content\/uploads\/2014\/03\/nz-online-banking-apr-2013.pdf."},{"key":"ref_13","unstructured":"Hadnagy, C. (2010). Social Engineering: The Art of Human Hackin, Wiley. [1st ed.]."},{"key":"ref_14","unstructured":"SANS Institute (2016). Glossary of Security Terms, SANS."},{"key":"ref_15","unstructured":"Mitnick, D.S.W. (2003). The Art of Deception: Controlling the Human Element of Security, Wiley."},{"key":"ref_16","unstructured":"Papazov, Y. (2016). Social Engineering, North Atlantic Treaty Organization, Science and Technology Organization."},{"key":"ref_17","first-page":"1","article-title":"Protection of Computer Networks from the Social Engineering Attacks","volume":"1","author":"Molia","year":"2015","journal-title":"Int. J. Adv. Eng. Technol."},{"key":"ref_18","first-page":"179","article-title":"Security and Fraud Issues of E-banking","volume":"2","author":"Matalqa","year":"2015","journal-title":"Int. J. Comput. Netw. Appl."},{"key":"ref_19","first-page":"127","article-title":"Vulnerabilities in e-Banking: A Study of Various Security Aspects","volume":"6","author":"Brar","year":"2012","journal-title":"Int. J. Comput. Bus. Res."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"662","DOI":"10.1002\/asi.20779","article-title":"Wisecrackers: A Theory-Grounded Investigation of Phishing and Pretext Social Engineering Threats to Information Security","volume":"59","author":"Workman","year":"2008","journal-title":"J. Am. Soc. Inf. Sci. Technol."},{"key":"ref_21","unstructured":"Symantec (2016). Internet Security Threat Report, Symantec."},{"key":"ref_22","unstructured":"Radio New Zealand (2016). 108 Cyber-Crime Attacks per Day in NZ, RadioNZ."},{"key":"ref_23","unstructured":"Pallavi, P.P.R., and Dudhe, D. (2015). Detection of Websites Based on Phishing Websites Characteristics. Int. J. Innov. Res. Comput. Commun. Eng., 3."},{"key":"ref_24","unstructured":"VASCO (2015). Social Engineering: Mitigating Human Risk in Banking Transactions, Vasco Data Security."},{"key":"ref_25","unstructured":"Security Scorecard (2016). 2016 Financial Industry Cybersecurity Report, Security Scorecard."},{"key":"ref_26","unstructured":"Proofpoint (2017). Human Factor, Proofpoint."},{"key":"ref_27","unstructured":"Australian Cyber Security Centre (2017). Australian Cyber Security Centre: 2017 Threat Report."},{"key":"ref_28","unstructured":"Conference of State Bank Supervisors (2016). Cybersecurity 101: A Resource Guide for Bank Executives, Conference of State Bank Supervisors."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"242","DOI":"10.1007\/s12559-010-9042-7","article-title":"Experimental Case Studies for Investigating E-Banking Phishing","volume":"2","author":"Aburrous","year":"2010","journal-title":"J. Cogn, Comput."},{"key":"ref_30","unstructured":"E-Security Planet (2012). Social Engineering Attack Nets $2.1 Million from Wells Fargo Bank, e-Security Planet."},{"key":"ref_31","unstructured":"VASCO Data Security (2015). Social Engineering: Mitigating Human Risk in Banking Transactions, VASCO Data Security."},{"key":"ref_32","unstructured":"Longitude Research (2015). Cyberrisk in Banking: A Review of the Key Industry Threats and Responses Ahead, SAS. Available online: https:\/\/www.kroll.com\/media\/pdf\/white-papers\/cyberrisk-in-banking-106605.pdf."},{"key":"ref_33","first-page":"115","article-title":"Android Based Total Security for System Authentication","volume":"5","year":"2015","journal-title":"J. Eng. Res. Appl."},{"key":"ref_34","unstructured":"ANZ New Zealand (2018, January 24). ANZ New Zealand Facts, 07 2017. Available online: https:\/\/www.anz.co.nz\/about-us\/our-company\/anz-new-zealand\/."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/9\/5\/110\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:03:11Z","timestamp":1760194991000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/9\/5\/110"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,5,3]]},"references-count":34,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2018,5]]}},"alternative-id":["info9050110"],"URL":"https:\/\/doi.org\/10.3390\/info9050110","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,5,3]]}}}