How social engineers use persuasion principles during vishing attacks. (7th December 2020)
- Record Type:
- Journal Article
- Title:
- How social engineers use persuasion principles during vishing attacks. (7th December 2020)
- Main Title:
- How social engineers use persuasion principles during vishing attacks
- Authors:
- Jones, Keith S.
Armstrong, Miriam E.
Tornblad, McKenna K.
Siami Namin, Akbar - Abstract:
- Abstract : Purpose: This study aims to examine how social engineers use persuasion principles during vishing attacks. Design/methodology/approach: In total, 86 examples of real-world vishing attacks were found in articles and videos. Each example was coded to determine which persuasion principles were present in that attack and how they were implemented, i.e. what specific elements of the attack contributed to the presence of each persuasion principle. Findings: Authority (A), social proof (S) and distraction (D) were the most widely used persuasion principles in vishing attacks, followed by liking, similarity and deception (L). These four persuasion principles occurred in a majority of vishing attacks, while commitment, reciprocation and consistency (C) did not. Further, certain sets of persuasion principles (i.e. authority, distraction, liking, similarity, and deception and social proof;, authority, commitment, reciprocation, and consistency, distraction, liking, similarity and deception, and social proof; and authority, distraction and social proof) were used more than others. It was noteworthy that despite their similarities, those sets of persuasion principles were implemented in different ways, and certain specific ways of implementing certain persuasion principles (e.g. vishers claiming to have authority over the victim) were quite rare. Originality/value: To the best of authors' knowledge, this study is the first to investigate how social engineers use persuasionAbstract : Purpose: This study aims to examine how social engineers use persuasion principles during vishing attacks. Design/methodology/approach: In total, 86 examples of real-world vishing attacks were found in articles and videos. Each example was coded to determine which persuasion principles were present in that attack and how they were implemented, i.e. what specific elements of the attack contributed to the presence of each persuasion principle. Findings: Authority (A), social proof (S) and distraction (D) were the most widely used persuasion principles in vishing attacks, followed by liking, similarity and deception (L). These four persuasion principles occurred in a majority of vishing attacks, while commitment, reciprocation and consistency (C) did not. Further, certain sets of persuasion principles (i.e. authority, distraction, liking, similarity, and deception and social proof;, authority, commitment, reciprocation, and consistency, distraction, liking, similarity and deception, and social proof; and authority, distraction and social proof) were used more than others. It was noteworthy that despite their similarities, those sets of persuasion principles were implemented in different ways, and certain specific ways of implementing certain persuasion principles (e.g. vishers claiming to have authority over the victim) were quite rare. Originality/value: To the best of authors' knowledge, this study is the first to investigate how social engineers use persuasion principles during vishing attacks. As such, it provides important insight into how social engineers implement vishing attacks and lays a critical foundation for future research investigating the psychological aspects of vishing attacks. The present results have important implications for vishing countermeasures and education. … (more)
- Is Part Of:
- Information and computer security. Volume 29:Number 2(2021)
- Journal:
- Information and computer security
- Issue:
- Volume 29:Number 2(2021)
- Issue Display:
- Volume 29, Issue 2 (2021)
- Year:
- 2021
- Volume:
- 29
- Issue:
- 2
- Issue Sort Value:
- 2021-0029-0002-0000
- Page Start:
- 314
- Page End:
- 331
- Publication Date:
- 2020-12-07
- Subjects:
- Persuasion -- Social engineering -- Attacks -- Persuasion principles -- Social engineering attacks -- Vishing
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-07-2020-0113 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 23361.xml