Using a Chatbot to Prevent Identity Fraud By Social Engineering

Sammanfattning: Social engineering is a threat that is expanding and threatens organisations existence. A social engineer can get hold of crucial business information that is vital for the organisation and by this threaten the organisation. To prevent successful fraud attempts the organisations need to educate their employees about social engineering fraud techniques that can be used for gaining information. Hence, information security education needs new educational approaches to cope with the threats. A solution to the problem is the use of an automated chatbot that gives the employees knowledge about a threat that is difficult to spot. To understand if an automated chatbot is a possible solution to educate the users, an investigation about the applicability is conducted. The investigation is based on a survey that compares traditional security education that is based on reading a written informational text and the use of an automated chatbot that simulates a fraud attempt with the purpose to steal an identity. The education with the automated chatbot is to be exposed to an identity fraud attempt in a controlled environment and then get an explanation of what have happened and way. The automated chatbot is developed with a fraud attempt that looks like a normal market research approach, the market research where conducted with question that gather information that is important for identity thefts. The result of the investigation shows that it may be possible to use an automated chatbot for educating in social engineering fraud attacks. However there is still a need to solve several major problems before there are possible to make sure the concept is fully feasible.