The Social Engineering Evolution of Electronic Financial Fraud: An Analysis of Actual Victims through FGI

Social Engineering Evaluation of Electronic Financial Fraud: Analysis of Actual Victims through FGI

  • Park, Jong-Pil (Management Information Systems, School of Business, Kyungnam University) ;
  • Ryu, Jae Kwan (Business Administration, SKK Business School, Sungkyunkwan University)
  • Received: 2018.02.06
  • Reviewed: 2018.07.20
  • Published: 2018.07.28

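Abstract

Interest in electronic financial fraud has recently been increasing. In particular, electronic financial fraud is evolving in a social engineering direction. Despite this high level of interest, there are almost no adequate guidelines for preventing electronic financial fraud. Moreover, hardly any related research has been conducted with actual victims. The purpose of this study is to attempt a fundamental approach to the question of why electronic financial fraud occurs, focusing on actual victims. To better reflect the real world, this study analyzed victims using the focus group interview (FGI) technique. The analysis revealed that there are certain patterns of damage in falling victim to electronic financial fraud. In addition, the answer to the fundamental question of why electronic financial fraud occurs was confirmed to be that damage arises from a psychological cognitive error, the human optimistic bias, grounded in behavioral economics. Through this study, we provide meaningful guidelines and directions for preventing future electronic financial fraud from a crisis management perspective, and ultimately expect it to be used as important basic data for developing effective policies in government and industry.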

Recently, attention to electronic financial fraud has increased dramatically. In particular, electronic financial fraud has been transforming into social engineering. Despite the growing interest in electronic financial fraud, few guidelines exist on how to effectively avoid serious damage from it. Moreover, cases of victims of financial fraud have rarely been investigated. Therefore, the purpose of this study is to investigate why people become victims of financial fraud crime. To enhance mundane realism, we conducted Focus Group Interviews (FGI) with actual victims of financial fraud crime. Drawing on the analysis of the FGI with actual victims, we found that there are certain damage patterns. Further, we found that the reason people become victims of financial fraud crime is the optimistic bias of humans, rooted in behavioral economics. Therefore, this study provides valuable guidelines and directions for preventing electronic financial fraud from a risk and crisis management perspective. Ultimately, this study can help the establishment and implementation of a comprehensive electronic financial fraud prevention policy.
